Here's a simple middleware function to serve up the correct CORS header from a whitelist. Setting this near the top of your express app will allow all your routes to set the proper header from the whitelist before serving up content.
app.use(function(req, res, next){
var whitelist = ['localhost:4000', 'localhost:3000', 'anydomain.com']
var host = req.get('host');
whitelist.forEach(function(val, key){
if (host.indexOf(val) > -1){
res.setHeader('Access-Control-Allow-Origin', host);
}
})
next();
});
