@middy/http-cors
Comparing version 1.0.0-alpha.8 to 1.0.0-alpha.9
@@ -80,2 +80,52 @@ const middy = require('../../core') | ||
test('It should return whitelisted origin', () => { | ||
const handler = middy((event, context, cb) => { | ||
cb(null, {}) | ||
}) | ||
handler.use( | ||
cors({ | ||
origins: ['https://example.com', 'https://another-example.com'] | ||
}) | ||
) | ||
const event = { | ||
httpMethod: 'GET', | ||
headers: { Origin: 'https://another-example.com' } | ||
} | ||
handler(event, {}, (_, response) => { | ||
expect(response).toEqual({ | ||
headers: { | ||
'Access-Control-Allow-Origin': 'https://another-example.com' | ||
} | ||
}) | ||
}) | ||
}) | ||
test('It should return first origin as default if no match', () => { | ||
const handler = middy((event, context, cb) => { | ||
cb(null, {}) | ||
}) | ||
handler.use( | ||
cors({ | ||
origins: ['https://example.com', 'https://another-example.com'] | ||
}) | ||
) | ||
const event = { | ||
httpMethod: 'GET', | ||
headers: { Origin: 'https://unknown.com' } | ||
} | ||
handler(event, {}, (_, response) => { | ||
expect(response).toEqual({ | ||
headers: { | ||
'Access-Control-Allow-Origin': 'https://example.com' | ||
} | ||
}) | ||
}) | ||
}) | ||
test('It should add headers even onError', () => { | ||
@@ -82,0 +132,0 @@ const handler = middy((event, context, cb) => { |
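Review bot: The `expect` calls in both new tests run inside the handler callback, but the test functions are declared as `() => {` with no completion signal, so if the callback is ever invoked asynchronously the test would finish before the assertion runs and pass vacuously. Taking the runner's completion callback, `test('It should return whitelisted origin', (done) => {`, and calling `done()` right after the `expect` makes the assertion mandatory. Two cases that the new `origins` branch introduces are also not covered here: a request with no Origin header while `origins` is set, and `origins` combined with `credentials: true`.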
@@ -5,2 +5,3 @@ import middy from '../core' | ||
origin: string; | ||
origins?: string[]; | ||
headers: string; | ||
@@ -7,0 +8,0 @@ credentials: boolean; |
17
index.js
@@ -9,8 +9,15 @@ const defaults = { | ||
handler.event.headers = handler.event.headers || {} | ||
const origin = handler.event.headers['origin'] || handler.event.headers['Origin'] | ||
if (options.credentials && options.origin === '*' && origin) { | ||
return origin | ||
const incomingOrigin = handler.event.headers['origin'] || handler.event.headers['Origin'] | ||
if (options.origins && options.origins.length > 0) { | ||
if (incomingOrigin && options.origins.includes(incomingOrigin)) { | ||
return incomingOrigin | ||
} else { | ||
return options.origins[0] | ||
} | ||
} else { | ||
if (incomingOrigin && options.credentials && options.origin === '*') { | ||
return incomingOrigin | ||
} | ||
return options.origin | ||
} | ||
return options.origin | ||
} | ||
@@ -17,0 +24,0 @@ |
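Review bot: The Access-Control-Allow-Origin value now depends on the request's Origin header (`return incomingOrigin` when it is listed in `options.origins`), yet nothing visible in this hunk marks the response as origin-dependent, so a shared cache could replay a response carrying one allowed origin to a caller from another. Wherever the header is written (outside this hunk, as is the start of this function), the response should also carry `Vary: Origin` whenever `options.origins` is set or the credentials branch reflects the caller. The no-match fallback deserves a comment such as `// unlisted origin: answer with origins[0], which the browser will not accept for this caller`, since `return options.origins[0]` is easy to misread as allowing the request. The new tests compare the whole response with `toEqual`, so their expectations would need the extra header as well.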
{ | ||
"name": "@middy/http-cors", | ||
"version": "1.0.0-alpha.8", | ||
"version": "1.0.0-alpha.9", | ||
"description": "CORS (Cross-Origin Resource Sharing) middleware for the middy framework", | ||
@@ -5,0 +5,0 @@ "engines": { |
@@ -48,2 +48,3 @@ # Middy CORS middleware | ||
- `origin` (string) (optional): origin to put in the header (default: "`*`") | ||
- `origins` (array) (optional): An array of allowed origins. The incoming origin is matched against the list and is returned if present. | ||
- `headers` (string) (optional): value to put in Access-Control-Allow-Headers (default: `null`) | ||
@@ -50,0 +51,0 @@ - `credentials` (bool) (optional): if true, sets the `Access-Control-Allow-Origin` as request header `Origin`, if present (default `false`) |