Comparing version 0.9.6 to 0.10.0
{ | ||
"name": "middy", | ||
"version": "0.9.6", | ||
"version": "0.10.0", | ||
"description": "🛵 The stylish Node.js middleware engine for AWS Lambda", | ||
@@ -5,0 +5,0 @@ "main": "./index.js", |
@@ -61,5 +61,7 @@ const middy = require('../../middy') | ||
handler.use(cors({ | ||
origin: 'https://example.com' | ||
})) | ||
handler.use( | ||
cors({ | ||
origin: 'https://example.com' | ||
}) | ||
) | ||
@@ -84,4 +86,39 @@ const event = { | ||
handler.use( | ||
cors({ | ||
origin: 'https://example.com' | ||
}) | ||
) | ||
const event = { | ||
httpMethod: 'GET' | ||
} | ||
handler(event, {}, (_, response) => { | ||
expect(response).toEqual({ | ||
headers: { | ||
'Access-Control-Allow-Origin': 'https://example.com' | ||
} | ||
}) | ||
}) | ||
}) | ||
test('It should not override already declared Access-Control-Allow-Headers header', () => { | ||
const handler = middy((event, context, cb) => { | ||
cb(null, {}) | ||
}) | ||
// other middleware that puts the cors header | ||
handler.use({ | ||
after: (handler, next) => { | ||
handler.response = { | ||
headers: { | ||
'Access-Control-Allow-Headers': 'x-example' | ||
} | ||
} | ||
next() | ||
} | ||
}) | ||
handler.use(cors({ | ||
origin: 'https://example.com' | ||
headers: 'x-example-2' | ||
})) | ||
@@ -96,3 +133,4 @@ | ||
headers: { | ||
'Access-Control-Allow-Origin': 'https://example.com' | ||
'Access-Control-Allow-Origin': '*', | ||
'Access-Control-Allow-Headers': 'x-example' | ||
} | ||
@@ -102,2 +140,144 @@ }) | ||
}) | ||
test('It should use allowed headers specified in options', () => { | ||
const handler = middy((event, context, cb) => { | ||
cb(null, {}) | ||
}) | ||
handler.use( | ||
cors({ | ||
headers: 'x-example' | ||
}) | ||
) | ||
const event = { | ||
httpMethod: 'GET' | ||
} | ||
handler(event, {}, (_, response) => { | ||
expect(response).toEqual({ | ||
headers: { | ||
'Access-Control-Allow-Origin': '*', | ||
'Access-Control-Allow-Headers': 'x-example' | ||
} | ||
}) | ||
}) | ||
}) | ||
test('It should not override already declared Access-Control-Allow-Credentials header as false', () => { | ||
const handler = middy((event, context, cb) => { | ||
cb(null, {}) | ||
}) | ||
// other middleware that puts the cors header | ||
handler.use({ | ||
after: (handler, next) => { | ||
handler.response = { | ||
headers: { | ||
'Access-Control-Allow-Credentials': 'false' | ||
} | ||
} | ||
next() | ||
} | ||
}) | ||
handler.use( | ||
cors({ | ||
credentials: true | ||
}) | ||
) | ||
const event = { | ||
httpMethod: 'GET' | ||
} | ||
handler(event, {}, (_, response) => { | ||
expect(response).toEqual({ | ||
headers: { | ||
'Access-Control-Allow-Credentials': 'false', | ||
'Access-Control-Allow-Origin': '*' | ||
} | ||
}) | ||
}) | ||
}) | ||
test('It should not override already declared Access-Control-Allow-Credentials header as true', () => { | ||
const handler = middy((event, context, cb) => { | ||
cb(null, {}) | ||
}) | ||
// other middleware that puts the cors header | ||
handler.use({ | ||
after: (handler, next) => { | ||
handler.response = { | ||
headers: { | ||
'Access-Control-Allow-Credentials': 'true' | ||
} | ||
} | ||
next() | ||
} | ||
}) | ||
handler.use( | ||
cors({ | ||
credentials: false | ||
}) | ||
) | ||
const event = { | ||
httpMethod: 'GET', | ||
headers: { | ||
Origin: 'http://example.com' | ||
} | ||
} | ||
handler(event, {}, (_, response) => { | ||
expect(response).toEqual({ | ||
headers: { | ||
'Access-Control-Allow-Credentials': 'true', | ||
'Access-Control-Allow-Origin': 'http://example.com' | ||
} | ||
}) | ||
}) | ||
}) | ||
test('It should use change credentials as specified in options (true)', () => { | ||
const handler = middy((event, context, cb) => { | ||
cb(null, {}) | ||
}) | ||
handler.use( | ||
cors({ | ||
credentials: true | ||
}) | ||
) | ||
const event = { | ||
httpMethod: 'GET', | ||
headers: { | ||
Origin: 'http://example.com' | ||
} | ||
} | ||
handler(event, {}, (_, response) => { | ||
expect(response).toEqual({ | ||
headers: { | ||
'Access-Control-Allow-Credentials': 'true', | ||
'Access-Control-Allow-Origin': 'http://example.com' | ||
} | ||
}) | ||
}) | ||
}) | ||
test('It should not change anything if HTTP method is not present in the request', () => { | ||
const handler = middy((event, context, cb) => { | ||
cb(null, {}) | ||
}) | ||
handler.use(cors()) | ||
const event = {} | ||
handler(event, {}, (_, response) => { | ||
expect(response).toEqual({}) | ||
}) | ||
}) | ||
}) |
const defaults = { | ||
origin: '*' | ||
origin: '*', | ||
headers: null, | ||
credentials: false | ||
} | ||
function addCorsHeaders (opts, handler, next) { | ||
const getOrigin = (options, handler) => { | ||
handler.event.headers = handler.event.headers || {} | ||
if (options.credentials && options.origin === '*' && handler.event.headers.hasOwnProperty('Origin')) { | ||
return handler.event.headers.Origin | ||
} | ||
return options.origin | ||
} | ||
const addCorsHeaders = (opts, handler, next) => { | ||
const options = Object.assign({}, defaults, opts) | ||
@@ -12,4 +23,18 @@ | ||
// Check if already setup Access-Control-Allow-Headers | ||
if (options.headers !== null && !handler.response.headers.hasOwnProperty('Access-Control-Allow-Headers')) { | ||
handler.response.headers['Access-Control-Allow-Headers'] = options.headers | ||
} | ||
// Check if already setup the header Access-Control-Allow-Credentials | ||
if (handler.response.headers.hasOwnProperty('Access-Control-Allow-Credentials')) { | ||
options.credentials = JSON.parse(handler.response.headers['Access-Control-Allow-Credentials']) | ||
} | ||
if (options.credentials) { | ||
handler.response.headers['Access-Control-Allow-Credentials'] = String(options.credentials) | ||
} | ||
// Check if already setup the header Access-Control-Allow-Origin | ||
if (!handler.response.headers.hasOwnProperty('Access-Control-Allow-Origin')) { | ||
handler.response.headers['Access-Control-Allow-Origin'] = options.origin | ||
handler.response.headers['Access-Control-Allow-Origin'] = getOrigin(options, handler) | ||
} | ||
@@ -16,0 +41,0 @@ } |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
115108
2747