Allow configuring CORS origins

api.js

@@ -144,7 +144,7 @@ if (config.api.secure && certOptions.key) {
 const server = restify.createServer(serverOptions);
 
 const cors = corsMiddleware({
-    origins: ['*'],
+    origins: [].concat(config.api.cors.origins || ['*']),
     allowHeaders: ['X-Access-Token'],
     allowCredentialsAllOrigins: true
 });

config/api.toml

@@ -57,3 +57,6 @@ accountDescription="WildDuck ({email})"
 # If certificate path is not defined, use global or built-in self-signed certs
 #key="/path/to/server/key.pem"
 #cert="/path/to/server/cert.pem"
+
+[cors]
+origins = ["*"]