Allow disabling of CORS

It is desirable to disable CORS for development purposes in order to
validate same-origin policy and web security concepts. Additionally,
json-server could be used to show proxy concepts.

This change adds a new CLI option `--no-cors` which disables CORS by not
adding the CORS middleware. The change is backwards compatible since the
default behavior, i.e. adding CORS headers is retained.

src/cli/index.js

@@ -36,6 +36,10 @@ module.exports = function () {
         alias: 'ro',
         description: 'Allow only GET requests'
       },
+      'no-cors': {
+        alias: 'nc',
+        description: 'Disable Cross-Origin Resource Sharing'
+      },
       snapshots: {
         alias: 'S',
         description: 'Set snapshots directory',
@@ -58,6 +62,7 @@ module.exports = function () {
     .boolean('watch')
     .boolean('read-only')
     .boolean('quiet')
+    .boolean('no-cors')
     .help('help').alias('help', 'h')
     .version(pkg.version).alias('version', 'v')
     .example('$0 db.json', '')

src/cli/run.js

@@ -44,7 +44,8 @@ function createApp (source, object, routes, argv) {
 
   var defaultsOpts = {
     logger: !argv.quiet,
-    readOnly: argv.readOnly
+    readOnly: argv.readOnly,
+    noCors: argv.noCors
   }
 
   if (argv.static) {