@middy/http-cors
Advanced tools
Comparing version 1.0.0-alpha.36 to 1.0.0-alpha.37
@@ -56,2 +56,51 @@ const middy = require('../../core') | ||
test('It should use custom getOrigin', () => { | ||
const handler = middy((event, context, cb) => { | ||
cb(null, {}) | ||
}) | ||
handler.use( | ||
cors({ | ||
getOrigin: () => 'https://species.com' | ||
}) | ||
) | ||
const event = { | ||
httpMethod: 'GET' | ||
} | ||
handler(event, {}, (_, response) => { | ||
expect(response).toEqual({ | ||
headers: { | ||
'Access-Control-Allow-Origin': 'https://example.com' | ||
} | ||
}) | ||
}) | ||
}) | ||
test('It should use pass incoming origin to custom getOrigin', () => { | ||
const handler = middy((event, context, cb) => { | ||
cb(null, {}) | ||
}) | ||
handler.use( | ||
cors({ | ||
getOrigin: (incomingOrigin, options) => incomingOrigin | ||
}) | ||
) | ||
const event = { | ||
httpMethod: 'GET', | ||
headers: { Origin: 'https://incoming.com' } | ||
} | ||
handler(event, {}, (_, response) => { | ||
expect(response).toEqual({ | ||
headers: { | ||
'Access-Control-Allow-Origin': 'https://incoming.com' | ||
} | ||
}) | ||
}) | ||
}) | ||
test('It should use origin specified in options', () => { | ||
@@ -58,0 +107,0 @@ const handler = middy((event, context, cb) => { |
21
index.js
@@ -1,10 +0,2 @@ | ||
const defaults = { | ||
origin: '*', | ||
headers: null, | ||
credentials: false | ||
} | ||
const getOrigin = (options, handler) => { | ||
handler.event.headers = handler.event.headers || {} | ||
const incomingOrigin = handler.event.headers['origin'] || handler.event.headers['Origin'] | ||
const getOrigin = (incomingOrigin, options) => { | ||
if (options.origins && options.origins.length > 0) { | ||
@@ -24,2 +16,9 @@ if (incomingOrigin && options.origins.includes(incomingOrigin)) { | ||
const defaults = { | ||
getOrigin, | ||
origin: '*', | ||
headers: null, | ||
credentials: false | ||
} | ||
const addCorsHeaders = (opts, handler, next) => { | ||
@@ -47,3 +46,5 @@ const options = Object.assign({}, defaults, opts) | ||
if (!handler.response.headers.hasOwnProperty('Access-Control-Allow-Origin')) { | ||
handler.response.headers['Access-Control-Allow-Origin'] = getOrigin(options, handler) | ||
const headers = handler.event.headers || {} | ||
const incomingOrigin = headers['origin'] || headers['Origin'] | ||
handler.response.headers['Access-Control-Allow-Origin'] = options.getOrigin(incomingOrigin, options) | ||
} | ||
@@ -50,0 +51,0 @@ } |
{ | ||
"name": "@middy/http-cors", | ||
"version": "1.0.0-alpha.36", | ||
"version": "1.0.0-alpha.37", | ||
"description": "CORS (Cross-Origin Resource Sharing) middleware for the middy framework", | ||
@@ -44,3 +44,3 @@ "engines": { | ||
}, | ||
"gitHead": "c2acab65cae339b9fc105e1799f849d6515e8244" | ||
"gitHead": "a8f4b5469aabe575c51224ebbaaa3e9175212627" | ||
} |
@@ -47,2 +47,3 @@ # Middy CORS middleware | ||
- `getOrigin` (function(incomingOrigin:string, options)) (optional): take full control of the generating the returned origin. Defaults to using the origin or origins option. | ||
- `origin` (string) (optional): origin to put in the header (default: "`*`") | ||
@@ -49,0 +50,0 @@ - `origins` (array) (optional): An array of allowed origins. The incoming origin is matched against the list and is returned if present. |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
18432
446
114