@middy/http-cors - npm Package Compare versions

Comparing version 1.0.0-alpha.36 to 1.0.0-alpha.37

__tests__/index.js

@@ -56,2 +56,51 @@ const middy = require('../../core')
 
+  test('It should use custom getOrigin', () => {
+    const handler = middy((event, context, cb) => {
+      cb(null, {})
+    })
+
+    handler.use(
+      cors({
+        getOrigin: () => 'https://species.com'
+      })
+    )
+
+    const event = {
+      httpMethod: 'GET'
+    }
+
+    handler(event, {}, (_, response) => {
+      expect(response).toEqual({
+        headers: {
+          'Access-Control-Allow-Origin': 'https://example.com'
+        }
+      })
+    })
+  })
+
+  test('It should use pass incoming origin to custom getOrigin', () => {
+    const handler = middy((event, context, cb) => {
+      cb(null, {})
+    })
+
+    handler.use(
+      cors({
+        getOrigin: (incomingOrigin, options) => incomingOrigin
+      })
+    )
+
+    const event = {
+      httpMethod: 'GET',
+      headers: { Origin: 'https://incoming.com' }
+    }
+
+    handler(event, {}, (_, response) => {
+      expect(response).toEqual({
+        headers: {
+          'Access-Control-Allow-Origin': 'https://incoming.com'
+        }
+      })
+    })
+  })
+
   test('It should use origin specified in options', () => {
@@ -58,0 +107,0 @@ const handler = middy((event, context, cb) => {

index.js

@@ -1,10 +0,2 @@
-const defaults = {
-  origin: '*',
-  headers: null,
-  credentials: false
-}
-
-const getOrigin = (options, handler) => {
-  handler.event.headers = handler.event.headers || {}
-  const incomingOrigin = handler.event.headers['origin'] || handler.event.headers['Origin']
+const getOrigin = (incomingOrigin, options) => {
   if (options.origins && options.origins.length > 0) {
@@ -24,2 +16,9 @@ if (incomingOrigin && options.origins.includes(incomingOrigin)) {
 
+const defaults = {
+  getOrigin,
+  origin: '*',
+  headers: null,
+  credentials: false
+}
+
 const addCorsHeaders = (opts, handler, next) => {
@@ -47,3 +46,5 @@ const options = Object.assign({}, defaults, opts)
     if (!handler.response.headers.hasOwnProperty('Access-Control-Allow-Origin')) {
-      handler.response.headers['Access-Control-Allow-Origin'] = getOrigin(options, handler)
+      const headers = handler.event.headers || {}
+      const incomingOrigin = headers['origin'] || headers['Origin']
+      handler.response.headers['Access-Control-Allow-Origin'] = options.getOrigin(incomingOrigin, options)
     }
@@ -50,0 +51,0 @@ }

package.json

 {
   "name": "@middy/http-cors",
-  "version": "1.0.0-alpha.36",
+  "version": "1.0.0-alpha.37",
   "description": "CORS (Cross-Origin Resource Sharing) middleware for the middy framework",
@@ -44,3 +44,3 @@ "engines": {
   },
-  "gitHead": "c2acab65cae339b9fc105e1799f849d6515e8244"
+  "gitHead": "a8f4b5469aabe575c51224ebbaaa3e9175212627"
 }

README.md

@@ -47,2 +47,3 @@ # Middy CORS middleware
 
+ - `getOrigin` (function(incomingOrigin:string, options)) (optional): take full control of the generating the returned origin. Defaults to using the origin or origins option.
  - `origin` (string) (optional): origin to put in the header (default: "`*`")
@@ -49,0 +50,0 @@ - `origins` (array) (optional): An array of allowed origins. The incoming origin is matched against the list and is returned if present.

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

18432

increased by6.94%

Lines of code

446

increased by10.4%

Number of lines in readme file

114

increased by0.88%

No dependency changes