Skip to content
This repository has been archived by the owner on Feb 26, 2024. It is now read-only.

CORS preflight - Access-Control-Request-Headers -> Access-Control-Allow-Headers #226

Merged
merged 6 commits into from
Jan 19, 2019
Merged

CORS preflight - Access-Control-Request-Headers -> Access-Control-Allow-Headers #226

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
e53fc5f
add CORS Access-Control-Allow-Headers test
alexxpoch Nov 15, 2018
70cc313
fixes #143
alexxpoch Nov 15, 2018
cfffb94
update shrinkwrap
alexxpoch Nov 16, 2018
0858feb
update shrinkwrap
alexxpoch Nov 16, 2018
208f52f
Don't send CORS preflight responses with all response methods.
davidmurdoch Jan 19, 2019
8326e9b
Merge branch 'develop' into cors_allow_headers
davidmurdoch Jan 19, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 11 additions & 12 deletions lib/httpServer.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,16 +16,19 @@ module.exports = function(provider, logger) {
// do whatever we need to in order to respond to this request.

var headers = {
"Access-Control-Allow-Headers": "Origin, X-Requested-With, Content-Type, Accept, User-Agent",
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Methods": "*"
"Access-Control-Allow-Origin": "*"
};

switch (method) {
case "OPTIONS":
headers["Content-Type"] = "text/plain";
response.writeHead(200, headers);
response.end("");
if (request.headers.hasOwnProperty("access-control-request-headers")) {
headers["Access-Control-Allow-Headers"] = request.headers["access-control-request-headers"];
headers["Vary"] = "Access-Control-Request-Headers";
}
headers["Access-Control-Allow-Methods"] = "POST";
headers["Content-Length"] = 0;
response.writeHead(204, headers);
response.end();
break;
case "POST":
// console.log("Request coming in:", body);
Expand Down Expand Up @@ -67,12 +70,8 @@ module.exports = function(provider, logger) {

break;
default:
response.writeHead(400, {
"Access-Control-Allow-Headers": "Origin, X-Requested-With, Content-Type, Accept, User-Agent",
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Methods": "*",
"Content-Type": "text/plain"
});
headers["Content-Type"] = "text/plain";
response.writeHead(400, headers);
response.end("400 Bad Request");
break;
}
Expand Down
2 changes: 1 addition & 1 deletion npm-shrinkwrap.json
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

59 changes: 59 additions & 0 deletions test/cors.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
const assert = require("assert");
const Ganache = require("../index.js");
const request = require("request");
const pify = require("pify");

const customRequestHeader = "X-PINGOTHER";

function test(host, port) {
describe("CORS", () => {
it("should request headers equals to response headers in a preflight request", (done) => {
let req = request.options(
{
url: "http://" + host + ":" + port,
headers: {
"Access-Control-Request-Headers": customRequestHeader
}
},
function(error, response) {
if (error) {
return done(error);
}

let allowHeader = "";

if (response.headers.hasOwnProperty("access-control-allow-headers")) {
allowHeader = response.headers["access-control-allow-headers"];
}

assert.strictEqual(
allowHeader,
customRequestHeader,
"Access-Control-Allow-Headers should be equals to Access-Control-Request-Headers"
);

done();
}
);

req.destroy();
});
});
}

describe("HTTP Server:", function() {
const host = "localhost";
const port = 12345;
let server;

before("Initialize Ganache server", async function() {
server = Ganache.server();
await pify(server.listen)(port);
});

after("Shutdown server", async function() {
await pify(server.close)();
});

test(host, port);
});