Merge pull request #106 from artlogic/cors-header
CORS - configurable Access-Control-Allow-Headers
yakovkhalinsky committed Dec 2, 2015
2 parents 8d3e2b1 + d072340 commit 7fea735
Showing 5 changed files with 48 additions and 3 deletions.
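--- a/README.md
+++ b/README.md
@@ -139,6 +139,16 @@ For HTTP methods such as DELETE, you may want Drakov to return them in the appro
 
 `drakov -f "../com/foo/contracts/*.md" --method DELETE --method OPTIONS`
 
+## Allow Headers Header
+
+For HTTP headers such as Authorization, you may want Drakov to return them in the appropriate methods allow header. You can do this using the `--header` argument
+
+`drakov -f "../com/foo/contracts/*.md" --header Authorization`
+
+`drakov -f "../com/foo/contracts/*.md" --header Authorization --header X-Csrf-Token`
+
+Drakov includes many headers by default: `Origin, X-Requested-With, Content-Type, Accept` when CORS is enabled.
+
 
 ## Using as a Node.js module
 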
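--- a/lib/arguments/arguments.js
+++ b/lib/arguments/arguments.js
@@ -34,6 +34,9 @@ module.exports = {
 method: {
 description: 'Add method to Access-Control-Allow-Methods response header'
 },
+header: {
+description: 'Add header to Access-Control-Allow-Headers response header'
+},
 public: {
 description: 'Allow external requests',
 default: false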
2 changes: 1 addition & 1 deletion lib/middleware/index.js
@@ -9,7 +9,7 @@ var bootstrapMiddleware = function(app, argv) {
if (argv.staticPaths) {
staticMiddleware.setupRoutes(app, argv.staticPaths, argv.pathDelimiter);
}
app.use(responseUtils.corsHeaders(argv.disableCORS));
app.use(responseUtils.corsHeaders(argv.disableCORS, argv.header));
app.use(responseUtils.delayedResponse(argv.delay));
app.use(responseUtils.allowMethods(argv.method));
};
10 changes: 8 additions & 2 deletions lib/middleware/response.js
@@ -16,12 +16,18 @@ exports.drakovHeaders = function(req, res, next) {
next();
};

exports.corsHeaders = function(disableCORS) {
exports.corsHeaders = function(disableCORS, allowHeaders) {
return function(req, res, next) {
if (!disableCORS) {
res.set('Access-Control-Allow-Origin', req.headers.origin || '*');
res.set('Access-Control-Allow-Credentials', 'true');
res.set('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept');

if (allowHeaders) {
var headers = Array.isArray(allowHeaders) ? allowHeaders.join(',') : allowHeaders;
res.set('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept, ' + headers);
} else {
res.set('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept');
}
}
next();
};
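Review bot: The new `if (allowHeaders)` branch in `corsHeaders` widens a policy that, in the unchanged lines just above it, echoes any `req.headers.origin` and sets `Access-Control-Allow-Credentials: true`, so once `Authorization` or `X-Csrf-Token` is allowed every origin may send credentialed requests carrying those headers; the function should say so in a comment such as `// NOTE: origin is reflected with credentials, so extra allowed headers apply to every origin (intended for mock/local use)`. The configured values are also concatenated into the header unchecked, so a non-string value (possibly `true` from a bare `--header`, depending on the argument parser) would end up in the response. Normalising first avoids that and removes the duplicated default list: `var extra = [].concat(allowHeaders || []).filter(function (h) { return typeof h === 'string' && /^[\w-]+$/.test(h); });` followed by `res.set('Access-Control-Allow-Headers', defaults.concat(extra).join(', '));`, with `defaults` holding the four built-in names. The closing of `corsHeaders` appears to lie outside the hunk.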
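--- a/test/api/headers-allow-headers-test.js
+++ b/test/api/headers-allow-headers-test.js
@@ -0,0 +1,26 @@
+var helper = require('../lib');
+var request = helper.getRequest();
+
+describe('HEADERS', function(){
+
+before(function (done) {
+helper.drakov.run({sourceFiles: 'test/example/md/headers.md', header: ['Authorization']}, done);
+});
+
+after(function (done) {
+helper.drakov.stop(done);
+});
+
+describe('/headers', function(){
+
+describe('DELETE', function(){
+it('should respond with HTTP 200 and Access-Control-Allow-Headers', function(done){
+request.delete('/headers')
+.expect(200)
+.expect('Access-Control-Allow-Headers', /Authorization/)
+.end(helper.endCb(done));
+});
+});
+});
+
+});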
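Review bot: The assertion `.expect('Access-Control-Allow-Headers', /Authorization/)` only checks that the name appears somewhere in the value, so it would still pass if the four default headers were dropped or the list were malformed, and it exercises only the array form of `header`. Asserting the exact value, `.expect('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept, Authorization')`, plus one case with `header: 'Authorization'` as a plain string and one with two entries, would cover both sides of the `Array.isArray` check in lib/middleware/response.js and pin the separator used by `join`. Browsers read this header from the preflight response, so an `OPTIONS /headers` case would be closer to real use, assuming the fixture defines that route.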
