Add option to disable CORS headers

README.md

@@ -156,6 +156,13 @@ Where `options` is a hash which can contain:
   connection have not been seen for a while. This delay is configured
   by this setting. By default the `close` event will be emitted when a
   receiving connection wasn't seen for 5 seconds.  </dd>
+
+<dt>disable_cors (boolean)</dt>
+<dd>Enabling this option will prevent
+  <a href="https://en.wikipedia.org/wiki/Cross-origin_resource_sharing">CORS</a>
+  headers from being included in the HTTP response. Can be used when the
+  sockjs client is known to be connecting from the same origin as the 
+  sockjs server.</dd>
 </dl>
 
 

src/chunking-test.coffee

@@ -33,7 +33,7 @@ exports.app =
     info: (req, res, _) ->
         info = {
             websocket: @options.websocket,
-            origins: ['*:*'],
+            origins: ['*:*'] unless @options.disable_cors,
             cookie_needed: not not @options.jsessionid,
             entropy: utils.random32(),
         }

src/trans-xhr.coffee

@@ -57,6 +57,9 @@ exports.app =
         return true
 
     xhr_cors: (req, res, content) ->
+        if @options.disable_cors
+            return content
+
         if !req.headers['origin']
             origin = '*'
         else