mirror of
https://github.com/scratchfoundation/restify-cors-middleware.git
synced 2024-12-21 13:22:26 -05:00
Merge pull request #8 from wlkrw/support-access-control-allow-credentials
add support and tests for simple/actual requests needing Access-Contr…
This commit is contained in:
commit
b7b5c7ab66
3 changed files with 28 additions and 0 deletions
|
@ -12,6 +12,7 @@ var restify = require('restify');
|
||||||
exports.handler = function(options) {
|
exports.handler = function(options) {
|
||||||
|
|
||||||
return restify.CORS({
|
return restify.CORS({
|
||||||
|
credentials: options.credentials,
|
||||||
origins: options.origins,
|
origins: options.origins,
|
||||||
headers: options.exposeHeaders
|
headers: options.exposeHeaders
|
||||||
});
|
});
|
||||||
|
|
|
@ -7,6 +7,7 @@ module.exports = function(options) {
|
||||||
if (! util.isArray(options.origins)) options.origins = ['*'];
|
if (! util.isArray(options.origins)) options.origins = ['*'];
|
||||||
if (! util.isArray(options.allowHeaders)) options.allowHeaders = [];
|
if (! util.isArray(options.allowHeaders)) options.allowHeaders = [];
|
||||||
if (! util.isArray(options.exposeHeaders)) options.exposeHeaders = [];
|
if (! util.isArray(options.exposeHeaders)) options.exposeHeaders = [];
|
||||||
|
if (options.origins[0] === '*') options.credentials = false;
|
||||||
|
|
||||||
return {
|
return {
|
||||||
actual: actual.handler(options),
|
actual: actual.handler(options),
|
||||||
|
|
|
@ -44,6 +44,32 @@ describe('CORS: simple / actual requests', function() {
|
||||||
.end(done);
|
.end(done);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it('6.1.3 Does not set Access-Control-Allow-Credentials header if Origin is *', function(done) {
|
||||||
|
var server = test.corsServer({
|
||||||
|
origins: ['*'],
|
||||||
|
credentials: true
|
||||||
|
});
|
||||||
|
request(server)
|
||||||
|
.get('/test')
|
||||||
|
.set('Origin', 'http://api.myapp.com')
|
||||||
|
.expect(test.noHeader('access-control-allow-credentials'))
|
||||||
|
.expect(200)
|
||||||
|
.end(done);
|
||||||
|
});
|
||||||
|
|
||||||
|
it('6.1.3 Sets Access-Control-Allow-Credentials header if configured', function(done) {
|
||||||
|
var server = test.corsServer({
|
||||||
|
origins: ['http://api.myapp.com'],
|
||||||
|
credentials: true
|
||||||
|
});
|
||||||
|
request(server)
|
||||||
|
.get('/test')
|
||||||
|
.set('Origin', 'http://api.myapp.com')
|
||||||
|
.expect('access-control-allow-credentials', 'true')
|
||||||
|
.expect(200)
|
||||||
|
.end(done);
|
||||||
|
});
|
||||||
|
|
||||||
it('6.1.4 Does not set exposed headers if empty', function(done) {
|
it('6.1.4 Does not set exposed headers if empty', function(done) {
|
||||||
var server = test.corsServer({
|
var server = test.corsServer({
|
||||||
origins: ['http://api.myapp.com', 'http://www.myapp.com']
|
origins: ['http://api.myapp.com', 'http://www.myapp.com']
|
||||||
|
|
Loading…
Reference in a new issue