fastify-cors
Advanced tools
Comparing version
@@ -213,2 +213,3 @@ 'use strict' | ||
} else if (allowedOrigin instanceof RegExp) { | ||
allowedOrigin.lastIndex = 0 | ||
return allowedOrigin.test(reqOrigin) | ||
@@ -215,0 +216,0 @@ } else { |
{ | ||
"name": "fastify-cors", | ||
"version": "6.0.2", | ||
"version": "6.0.3", | ||
"description": "Fastify CORS", | ||
@@ -36,5 +36,5 @@ "main": "index.js", | ||
"devDependencies": { | ||
"@types/node": "^16.0.0", | ||
"@typescript-eslint/eslint-plugin": "^4.0.0", | ||
"@typescript-eslint/parser": "^4.1.1", | ||
"@types/node": "^17.0.0", | ||
"@typescript-eslint/eslint-plugin": "^5.12.1", | ||
"@typescript-eslint/parser": "^5.12.1", | ||
"cors": "^2.8.5", | ||
@@ -44,3 +44,3 @@ "fastify": "^3.8.0", | ||
"tap": "^15.0.2", | ||
"tsd": "^0.17.0", | ||
"tsd": "^0.19.0", | ||
"typescript": "^4.0.2" | ||
@@ -47,0 +47,0 @@ }, |
@@ -46,3 +46,4 @@ # fastify-cors | ||
origin: (origin, cb) => { | ||
if(/localhost/.test(origin)){ | ||
const hostname = new URL(origin).hostname | ||
if(hostname === "localhost"){ | ||
// Request from localhost will pass | ||
@@ -72,11 +73,16 @@ cb(null, true) | ||
fastify.register(require('fastify-cors'), (instance) => (req, callback) => { | ||
let corsOptions; | ||
// do not include CORS headers for requests from localhost | ||
if (/localhost/.test(origin)) { | ||
corsOptions = { origin: false } | ||
} else { | ||
corsOptions = { origin: true } | ||
fastify.register(require('fastify-cors'), function (instance) { | ||
return (req, callback) => { | ||
let corsOptions; | ||
const origin = req.headers.origin | ||
// do not include CORS headers for requests from localhost | ||
const hostname = new URL(origin).hostname | ||
if(hostname === "localhost"){ | ||
corsOptions = { origin: false } | ||
} else { | ||
corsOptions = { origin: true } | ||
} | ||
callback(null, corsOptions) // callback expects two parameters: error and options | ||
} | ||
callback(null, corsOptions) // callback expects two parameters: error and options | ||
}) | ||
@@ -83,0 +89,0 @@ |
@@ -634,6 +634,6 @@ 'use strict' | ||
test('Allow only request from a specific origin using regex', t => { | ||
t.plan(4) | ||
t.plan(8) | ||
const fastify = Fastify() | ||
fastify.register(cors, { origin: /^(example|other)\.com/ }) | ||
fastify.register(cors, { origin: /(example|other)\.com/gi }) | ||
@@ -644,16 +644,21 @@ fastify.get('/', (req, reply) => { | ||
fastify.inject({ | ||
method: 'GET', | ||
url: '/', | ||
headers: { origin: 'example.com' } | ||
}, (err, res) => { | ||
t.error(err) | ||
delete res.headers.date | ||
t.equal(res.statusCode, 200) | ||
t.equal(res.payload, 'ok') | ||
t.match(res.headers, { | ||
'access-control-allow-origin': 'example.com', | ||
vary: 'Origin' | ||
// .test was previously used, which caused 2 consecutive requests to return | ||
// different results with global (e.g. /g) regexes. Therefore, check this | ||
// twice to check consistency | ||
for (let i = 0; i < 2; i++) { | ||
fastify.inject({ | ||
method: 'GET', | ||
url: '/', | ||
headers: { origin: 'https://www.example.com/' } | ||
}, (err, res) => { | ||
t.error(err) | ||
delete res.headers.date | ||
t.equal(res.statusCode, 200) | ||
t.equal(res.payload, 'ok') | ||
t.match(res.headers, { | ||
'access-control-allow-origin': 'https://www.example.com/', | ||
vary: 'Origin' | ||
}) | ||
}) | ||
}) | ||
} | ||
}) | ||
@@ -660,0 +665,0 @@ |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
56792
1.09%1583
0.38%103
6.19%1
Infinity%