mirror of
https://github.com/scratchfoundation/restify-cors-middleware.git
synced 2024-12-19 04:12:25 -05:00
46 lines
1.3 KiB
JavaScript
46 lines
1.3 KiB
JavaScript
var origin = require('./origin');
|
|
var constants = require('./constants.js');
|
|
|
|
exports.handler = function(options) {
|
|
|
|
return function(req, res, next) {
|
|
if (req.method !== 'OPTIONS') return next();
|
|
|
|
// 6.2.1 and 6.2.2
|
|
var originHeader = req.headers['origin'];
|
|
if (origin.match(originHeader, options.origins) === false) return next();
|
|
|
|
// 6.2.3
|
|
var requestedMethod = req.headers[constants['AC_REQ_METHOD']];
|
|
if (!requestedMethod) return next();
|
|
|
|
// 6.2.4
|
|
var requestedHeaders = req.headers[constants['AC_REQ_HEADERS']];
|
|
requestedHeaders = requestedHeaders ? requestedHeaders.split(', ') : [];
|
|
|
|
var allowedMethods = [requestedMethod, 'OPTIONS'];
|
|
var allowedHeaders = constants['ALLOW_HEADERS']
|
|
.concat(options.allowHeaders);
|
|
|
|
res.once('header', function() {
|
|
// 6.2.7
|
|
res.header(constants['AC_ALLOW_ORIGIN'], originHeader);
|
|
res.header(constants['AC_ALLOW_CREDS'], true);
|
|
|
|
// 6.2.8
|
|
if (options.preflightMaxAge) {
|
|
res.header(constants['AC_MAX_AGE'], options.preflightMaxAge);
|
|
}
|
|
|
|
// 6.2.9
|
|
res.header(constants['AC_ALLOW_METHODS'], allowedMethods.join(', '));
|
|
|
|
// 6.2.10
|
|
res.header(constants['AC_ALLOW_HEADERS'], allowedHeaders.join(', '));
|
|
|
|
});
|
|
|
|
res.send(constants['HTTP_NO_CONTENT']);
|
|
};
|
|
|
|
};
|