scratchfoundation/restify-cors-middleware
1
0
Fork 0
mirror of https://github.com/scratchfoundation/restify-cors-middleware.git synced 2024-12-18 11:52:26 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

add support and tests for simple/actual requests needing Access-Control-Allow-Credentials

Browse source
This commit is contained in:
Walker Weyerhaeuser 2015-05-08 16:04:52 -05:00
parent a48453ad77
commit f41b09029b
3 changed files with 28 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
src/actual.js
View file

@ -12,6 +12,7 @@ var restify = require('restify');
exports.handler = function(options) { exports.handler = function(options) {
return restify.CORS({ return restify.CORS({
credentials: options.credentials,
origins: options.origins, origins: options.origins,
headers: options.exposeHeaders headers: options.exposeHeaders
}); });

1
src/index.js
View file

@ -7,6 +7,7 @@ module.exports = function(options) {
if (! util.isArray(options.origins)) options.origins = ['*']; if (! util.isArray(options.origins)) options.origins = ['*'];
if (! util.isArray(options.allowHeaders)) options.allowHeaders = []; if (! util.isArray(options.allowHeaders)) options.allowHeaders = [];
if (! util.isArray(options.exposeHeaders)) options.exposeHeaders = []; if (! util.isArray(options.exposeHeaders)) options.exposeHeaders = [];
if (options.origins[0] === '*') options.credentials = false;
return { return {
actual: actual.handler(options), actual: actual.handler(options),

26
test/cors.actual.spec.js
View file

@ -44,6 +44,32 @@ describe('CORS: simple / actual requests', function() {
.end(done); .end(done);
}); });
it('6.1.3 Does not set Access-Control-Allow-Credentials header if Origin is *', function(done) {
var server = test.corsServer({
origins: ['*'],
credentials: true
});
request(server)
.get('/test')
.set('Origin', 'http://api.myapp.com')
.expect(test.noHeader('access-control-allow-credentials'))
.expect(200)
.end(done);
});
it('6.1.3 Sets Access-Control-Allow-Credentials header if configured', function(done) {
var server = test.corsServer({
origins: ['http://api.myapp.com'],
credentials: true
});
request(server)
.get('/test')
.set('Origin', 'http://api.myapp.com')
.expect('access-control-allow-credentials', 'true')
.expect(200)
.end(done);
});
it('6.1.4 Does not set exposed headers if empty', function(done) { it('6.1.4 Does not set exposed headers if empty', function(done) {
var server = test.corsServer({ var server = test.corsServer({
origins: ['http://api.myapp.com', 'http://www.myapp.com'] origins: ['http://api.myapp.com', 'http://www.myapp.com']