@middy/http-cors
Advanced tools
@middy/http-cors - npm Package Compare versions
Comparing version 1.0.0-alpha.8 to 1.0.0-alpha.9
@@ -80,2 +80,52 @@ const middy = require('../../core') | ||
| test('It should return whitelisted origin', () => { | ||
| const handler = middy((event, context, cb) => { | ||
| cb(null, {}) | ||
| }) | ||
| handler.use( | ||
| cors({ | ||
| origins: ['https://example.com', 'https://another-example.com'] | ||
| }) | ||
| ) | ||
| const event = { | ||
| httpMethod: 'GET', | ||
| headers: { Origin: 'https://another-example.com' } | ||
| } | ||
| handler(event, {}, (_, response) => { | ||
| expect(response).toEqual({ | ||
| headers: { | ||
| 'Access-Control-Allow-Origin': 'https://another-example.com' | ||
| } | ||
| }) | ||
| }) | ||
| }) | ||
| test('It should return first origin as default if no match', () => { | ||
| const handler = middy((event, context, cb) => { | ||
| cb(null, {}) | ||
| }) | ||
| handler.use( | ||
| cors({ | ||
| origins: ['https://example.com', 'https://another-example.com'] | ||
| }) | ||
| ) | ||
| const event = { | ||
| httpMethod: 'GET', | ||
| headers: { Origin: 'https://unknown.com' } | ||
| } | ||
| handler(event, {}, (_, response) => { | ||
| expect(response).toEqual({ | ||
| headers: { | ||
| 'Access-Control-Allow-Origin': 'https://example.com' | ||
| } | ||
| }) | ||
| }) | ||
| }) | ||
| test('It should add headers even onError', () => { | ||
@@ -82,0 +132,0 @@ const handler = middy((event, context, cb) => { |
@@ -5,2 +5,3 @@ import middy from '../core' | ||
| origin: string; | ||
| origins?: string[]; | ||
| headers: string; | ||
@@ -7,0 +8,0 @@ credentials: boolean; |
17
index.js
@@ -9,8 +9,15 @@ const defaults = { | ||
| handler.event.headers = handler.event.headers || {} | ||
| const origin = handler.event.headers['origin'] || handler.event.headers['Origin'] | ||
| if (options.credentials && options.origin === '*' && origin) { | ||
| return origin | ||
| const incomingOrigin = handler.event.headers['origin'] || handler.event.headers['Origin'] | ||
| if (options.origins && options.origins.length > 0) { | ||
| if (incomingOrigin && options.origins.includes(incomingOrigin)) { | ||
| return incomingOrigin | ||
| } else { | ||
| return options.origins[0] | ||
| } | ||
| } else { | ||
| if (incomingOrigin && options.credentials && options.origin === '*') { | ||
| return incomingOrigin | ||
| } | ||
| return options.origin | ||
| } | ||
| return options.origin | ||
| } | ||
@@ -17,0 +24,0 @@ |
| { | ||
| "name": "@middy/http-cors", | ||
| "version": "1.0.0-alpha.8", | ||
| "version": "1.0.0-alpha.9", | ||
| "description": "CORS (Cross-Origin Resource Sharing) middleware for the middy framework", | ||
@@ -5,0 +5,0 @@ "engines": { |
@@ -48,2 +48,3 @@ # Middy CORS middleware | ||
| - `origin` (string) (optional): origin to put in the header (default: "`*`") | ||
| - `origins` (array) (optional): An array of allowed origins. The incoming origin is matched against the list and is returned if present. | ||
| - `headers` (string) (optional): value to put in Access-Control-Allow-Headers (default: `null`) | ||
@@ -50,0 +51,0 @@ - `credentials` (bool) (optional): if true, sets the `Access-Control-Allow-Origin` as request header `Origin`, if present (default `false`) |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by11.91%
14337
- Lines of code
- increased by15.89%
372
- Number of lines in readme file
- increased by1.14%
89