Comparing version 0.0.4 to 0.0.5
@@ -74,2 +74,6 @@ /*jslint nodejs: true*/ | ||
res.header('Access-Control-Allow-Origin', origin); // required | ||
} | ||
// if this HTTP request is an *OPTIONS* request, short-circuit (if we're allowed to do so) rather than going to next middleware | ||
if(config.enablePreflight && 'OPTIONS' === req.method){ | ||
res.header('Access-Control-Allow-Methods', methods); // required | ||
@@ -85,6 +89,2 @@ if(headers && headers.length){ | ||
} | ||
} | ||
// if this HTTP request is an *OPTIONS* request, short-circuit (if we're allowed to do so) rather than going to next middleware | ||
if(config.enablePreflight && 'OPTIONS' === req.method){ | ||
res.send(204); | ||
@@ -91,0 +91,0 @@ }else{ |
{ | ||
"name": "cors" | ||
, "version": "0.0.4" | ||
, "version": "0.0.5" | ||
, "author": "Troy Goode <troygoode@gmail.com> (https://github.com/troygoode/)" | ||
@@ -5,0 +5,0 @@ , "description": "middleware for dynamically or statically enabling CORS in express/connect applications" |
@@ -91,3 +91,3 @@ /*jslint nodejs: true*/ | ||
it('no options enables default CORS to all origins and methods', function(done){ | ||
it('no options enables default CORS to all origins', function(done){ | ||
// arrange | ||
@@ -100,2 +100,24 @@ var req, res, next; | ||
res.header('Access-Control-Allow-Origin').should.equal('*'); | ||
should.not.exist(res.header('Access-Control-Allow-Methods')); | ||
done(); | ||
}; | ||
// act | ||
cors()(req, res, next); | ||
}); | ||
it('OPTION call with no options enables default CORS to all origins and methods', function(done){ | ||
// arrange | ||
var req, res, next; | ||
req = fakeRequest(); | ||
req.method = 'OPTIONS'; | ||
res = fakeResponse(); | ||
res.send = function(code){ | ||
// assert | ||
code.should.equal(204); | ||
done(); | ||
}; | ||
next = function(){ | ||
// assert | ||
res.header('Access-Control-Allow-Origin').should.equal('*'); | ||
res.header('Access-Control-Allow-Methods').should.equal('GET,PUT,POST,DELETE'); | ||
@@ -121,3 +143,9 @@ done(); | ||
req = fakeRequest(); | ||
req.method = 'OPTIONS'; | ||
res = fakeResponse(); | ||
res.send = function(code){ | ||
// assert | ||
code.should.equal(204); | ||
done(); | ||
}; | ||
next = function(){ | ||
@@ -223,3 +251,9 @@ // assert | ||
req = fakeRequest(); | ||
req.method = 'OPTIONS'; | ||
res = fakeResponse(); | ||
res.send = function(code){ | ||
// assert | ||
code.should.equal(204); | ||
done(); | ||
}; | ||
next = function(){ | ||
@@ -241,3 +275,9 @@ // assert | ||
req = fakeRequest(); | ||
req.method = 'OPTIONS'; | ||
res = fakeResponse(); | ||
res.send = function(code){ | ||
// assert | ||
code.should.equal(204); | ||
done(); | ||
}; | ||
next = function(){ | ||
@@ -260,4 +300,5 @@ // assert | ||
req = fakeRequest(); | ||
req.method = 'OPTIONS'; | ||
res = fakeResponse(); | ||
next = function(){ | ||
res.send = function(){ | ||
// assert | ||
@@ -269,3 +310,3 @@ res.header('Access-Control-Allow-Headers').should.equal('header1,header2'); | ||
// act | ||
cors(options)(req, res, next); | ||
cors(options)(req, res, null); | ||
}); | ||
@@ -297,4 +338,5 @@ | ||
req = fakeRequest(); | ||
req.method = 'OPTIONS'; | ||
res = fakeResponse(); | ||
next = function(){ | ||
res.send = function(){ | ||
// assert | ||
@@ -306,3 +348,3 @@ res.header('Access-Control-Allow-Headers').should.equal('requestedHeader1,requestedHeader2'); | ||
// act | ||
cors(options)(req, res, next); | ||
cors(options)(req, res, null); | ||
}); | ||
@@ -317,7 +359,7 @@ | ||
req = fakeRequest(); | ||
req.method = 'OPTIONS'; | ||
res = fakeResponse(); | ||
next = function(){ | ||
res.send = function(){ | ||
// assert | ||
res.header('Access-Control-Allow-Credentials').should.equal('true'); | ||
//should.not.exist(res.header('Access-Control-Allow-Credentials')); | ||
done(); | ||
@@ -327,3 +369,3 @@ }; | ||
// act | ||
cors(options)(req, res, next); | ||
cors(options)(req, res, null); | ||
}); | ||
@@ -355,4 +397,5 @@ | ||
req = fakeRequest(); | ||
req.method = 'OPTIONS'; | ||
res = fakeResponse(); | ||
next = function(){ | ||
res.send = function(code){ | ||
// assert | ||
@@ -364,3 +407,3 @@ res.header('Access-Control-Allow-Max-Age').should.equal('456'); | ||
// act | ||
cors(options)(req, res, next); | ||
cors(options)(req, res, null); | ||
}); | ||
@@ -367,0 +410,0 @@ |
20912
493