@divya2212001
No description provided.

@sheplu
Member

sheplu commented Nov 11, 2025

Thanks for the PR, but would you have a bit more context?
Checking the linked issues, it seems to be a userland issue? What is this new code providing?

@divya2212001
Author

Thanks for the feedback!

This PR adds a dedicated test case for verifying that CORS headers are correctly applied when serving font files (.woff, .woff2, .ttf, .otf) through express.static().

The issue (#309) reports that while JS and CSS files do not trigger CORS errors, fonts do — even with valid CORS middleware setup. This test suite reproduces that scenario and ensures that the CORS middleware behavior is consistent across different static asset types.

Specifically, this code:

- Applies the CORS middleware before static file serving.
- Dynamically supports multiple allowed origins via `process.env.ALLOWED_ORIGINS`.
- Verifies that allowed origins receive correct `Access-Control-Allow-Origin` headers.
- Ensures disallowed origins do not get the CORS header, even if static files are still served.

The goal is to confirm whether the issue lies within expressjs/cors or in userland configuration when fonts are involved.
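
As an added example that is not part of the PR or of expressjs/cors: a dependency-free sketch of the check matrix the comment above describes, with the allow-list decision made before the static step and applied identically to font and non-font paths. The origins, paths and function names are constructed for illustration, and the code does not use express or the cors package.

```javascript
// Added illustration, not the PR's test. Plain JavaScript, no express/cors needed.
const FONT_EXTS = ['.woff', '.woff2', '.ttf', '.otf'];

// Parse a comma-separated ALLOWED_ORIGINS value into an exact-match set.
// "*" and "null" are dropped so a config typo cannot widen the allow-list;
// trailing slashes are stripped because an Origin header never carries one.
function parseAllowedOrigins(raw) {
  const entries = String(raw || '').split(',').map((o) => o.trim().replace(/\/+$/, ''));
  return new Set(entries.filter((o) => o && o !== '*' && o !== 'null'));
}

// CORS step: runs before the static step and does not look at the file type.
function corsHeaders(origin, allowed) {
  const headers = { Vary: 'Origin' }; // shared caches must key on Origin
  if (typeof origin === 'string' && allowed.has(origin)) {
    headers['Access-Control-Allow-Origin'] = origin; // echo the exact allowed origin
  }
  return headers;
}

// Static step: the file is served whatever the origin; only the header differs.
function serveStatic(reqPath, origin, allowed) {
  const dot = reqPath.lastIndexOf('.');
  const ext = dot === -1 ? '' : reqPath.slice(dot).toLowerCase();
  return { status: 200, isFont: FONT_EXTS.includes(ext), headers: corsHeaders(origin, allowed) };
}

// Run the same matrix over fonts and non-fonts; one row per (path, origin) pair.
function runMatrix(rawAllowed, paths, origins) {
  const allowed = parseAllowedOrigins(rawAllowed);
  const rows = [];
  for (const p of paths) {
    for (const o of origins) {
      const res = serveStatic(p, o, allowed);
      rows.push({ path: p, origin: o, isFont: res.isFont,
                  acao: res.headers['Access-Control-Allow-Origin'] || null });
    }
  }
  return rows;
}

// Constructed sample values (hypothetical origins and paths).
const SAMPLE_ALLOWED = 'https://app.example.com, https://admin.example.com/';
const SAMPLE_PATHS = ['/fonts/site.woff2', '/fonts/site.TTF', '/js/app.js'];
const SAMPLE_ORIGINS = ['https://app.example.com', 'https://admin.example.com',
                        'https://app.example.com.other.test', undefined];
console.table(runMatrix(SAMPLE_ALLOWED, SAMPLE_PATHS, SAMPLE_ORIGINS));
```

Browsers fetch `@font-face` fonts in CORS mode, while plain `<script>` and `<link>` loads are not, which is why a missing header surfaces only on fonts even when the server treats every file type the same.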
