Socket
Socket
Sign inDemoInstall

middy

Package Overview
Dependencies
Maintainers
8
Versions
147
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

middy - npm Package Compare versions

Comparing version 0.9.6 to 0.10.0

2

package.json
{
"name": "middy",
"version": "0.9.6",
"version": "0.10.0",
"description": "🛵 The stylish Node.js middleware engine for AWS Lambda",

@@ -5,0 +5,0 @@ "main": "./index.js",

190

src/middlewares/__tests__/cors.js

@@ -61,5 +61,7 @@ const middy = require('../../middy')

handler.use(cors({
origin: 'https://example.com'
}))
handler.use(
cors({
origin: 'https://example.com'
})
)

@@ -84,4 +86,39 @@ const event = {

handler.use(
cors({
origin: 'https://example.com'
})
)
const event = {
httpMethod: 'GET'
}
handler(event, {}, (_, response) => {
expect(response).toEqual({
headers: {
'Access-Control-Allow-Origin': 'https://example.com'
}
})
})
})
test('It should not override already declared Access-Control-Allow-Headers header', () => {
const handler = middy((event, context, cb) => {
cb(null, {})
})
// other middleware that puts the cors header
handler.use({
after: (handler, next) => {
handler.response = {
headers: {
'Access-Control-Allow-Headers': 'x-example'
}
}
next()
}
})
handler.use(cors({
origin: 'https://example.com'
headers: 'x-example-2'
}))

@@ -96,3 +133,4 @@

headers: {
'Access-Control-Allow-Origin': 'https://example.com'
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Headers': 'x-example'
}

@@ -102,2 +140,144 @@ })

})
test('It should use allowed headers specified in options', () => {
const handler = middy((event, context, cb) => {
cb(null, {})
})
handler.use(
cors({
headers: 'x-example'
})
)
const event = {
httpMethod: 'GET'
}
handler(event, {}, (_, response) => {
expect(response).toEqual({
headers: {
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Headers': 'x-example'
}
})
})
})
test('It should not override already declared Access-Control-Allow-Credentials header as false', () => {
const handler = middy((event, context, cb) => {
cb(null, {})
})
// other middleware that puts the cors header
handler.use({
after: (handler, next) => {
handler.response = {
headers: {
'Access-Control-Allow-Credentials': 'false'
}
}
next()
}
})
handler.use(
cors({
credentials: true
})
)
const event = {
httpMethod: 'GET'
}
handler(event, {}, (_, response) => {
expect(response).toEqual({
headers: {
'Access-Control-Allow-Credentials': 'false',
'Access-Control-Allow-Origin': '*'
}
})
})
})
test('It should not override already declared Access-Control-Allow-Credentials header as true', () => {
const handler = middy((event, context, cb) => {
cb(null, {})
})
// other middleware that puts the cors header
handler.use({
after: (handler, next) => {
handler.response = {
headers: {
'Access-Control-Allow-Credentials': 'true'
}
}
next()
}
})
handler.use(
cors({
credentials: false
})
)
const event = {
httpMethod: 'GET',
headers: {
Origin: 'http://example.com'
}
}
handler(event, {}, (_, response) => {
expect(response).toEqual({
headers: {
'Access-Control-Allow-Credentials': 'true',
'Access-Control-Allow-Origin': 'http://example.com'
}
})
})
})
test('It should use change credentials as specified in options (true)', () => {
const handler = middy((event, context, cb) => {
cb(null, {})
})
handler.use(
cors({
credentials: true
})
)
const event = {
httpMethod: 'GET',
headers: {
Origin: 'http://example.com'
}
}
handler(event, {}, (_, response) => {
expect(response).toEqual({
headers: {
'Access-Control-Allow-Credentials': 'true',
'Access-Control-Allow-Origin': 'http://example.com'
}
})
})
})
test('It should not change anything if HTTP method is not present in the request', () => {
const handler = middy((event, context, cb) => {
cb(null, {})
})
handler.use(cors())
const event = {}
handler(event, {}, (_, response) => {
expect(response).toEqual({})
})
})
})

31

src/middlewares/cors.js
const defaults = {
origin: '*'
origin: '*',
headers: null,
credentials: false
}
function addCorsHeaders (opts, handler, next) {
const getOrigin = (options, handler) => {
handler.event.headers = handler.event.headers || {}
if (options.credentials && options.origin === '*' && handler.event.headers.hasOwnProperty('Origin')) {
return handler.event.headers.Origin
}
return options.origin
}
const addCorsHeaders = (opts, handler, next) => {
const options = Object.assign({}, defaults, opts)

@@ -12,4 +23,18 @@

// Check if already setup Access-Control-Allow-Headers
if (options.headers !== null && !handler.response.headers.hasOwnProperty('Access-Control-Allow-Headers')) {
handler.response.headers['Access-Control-Allow-Headers'] = options.headers
}
// Check if already setup the header Access-Control-Allow-Credentials
if (handler.response.headers.hasOwnProperty('Access-Control-Allow-Credentials')) {
options.credentials = JSON.parse(handler.response.headers['Access-Control-Allow-Credentials'])
}
if (options.credentials) {
handler.response.headers['Access-Control-Allow-Credentials'] = String(options.credentials)
}
// Check if already setup the header Access-Control-Allow-Origin
if (!handler.response.headers.hasOwnProperty('Access-Control-Allow-Origin')) {
handler.response.headers['Access-Control-Allow-Origin'] = options.origin
handler.response.headers['Access-Control-Allow-Origin'] = getOrigin(options, handler)
}

@@ -16,0 +41,0 @@ }

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc