Skip to content

Commit

Permalink
fix: add normalizeCorsOptions and handle wildcards in origin parameter (
Browse files Browse the repository at this point in the history
  • Loading branch information
Uzlopak authored Mar 14, 2023
1 parent 3021936 commit 365a08e
Show file tree
Hide file tree
Showing 2 changed files with 54 additions and 7 deletions.
19 changes: 12 additions & 7 deletions index.js
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ function fastifyCors (fastify, opts, next) {
handleCorsOptionsDelegator(delegator, fastify, options, next)
} else {
if (opts.hideOptionsRoute !== undefined) hideOptionsRoute = opts.hideOptionsRoute
const corsOptions = Object.assign({}, defaultOptions, opts)
const corsOptions = normalizeCorsOptions(opts)
validateHook(corsOptions.hook, next)
if (hookWithPayload.indexOf(corsOptions.hook) !== -1) {
fastify.addHook(corsOptions.hook, function handleCors (req, reply, payload, next) {
Expand Down Expand Up @@ -104,8 +104,7 @@ function handleCorsOptionsDelegator (optionsResolver, fastify, opts, next) {
fastify.addHook(hook, function handleCors (req, reply, payload, next) {
const ret = optionsResolver(req)
if (ret && typeof ret.then === 'function') {
ret.then(options => Object.assign({}, defaultOptions, options))
.then(corsOptions => addCorsHeadersHandler(fastify, corsOptions, req, reply, next)).catch(next)
ret.then(options => addCorsHeadersHandler(fastify, normalizeCorsOptions(options), req, reply, next)).catch(next)
return
}
next(new Error('Invalid CORS origin option'))
Expand All @@ -115,8 +114,7 @@ function handleCorsOptionsDelegator (optionsResolver, fastify, opts, next) {
fastify.addHook(hook, function handleCors (req, reply, next) {
const ret = optionsResolver(req)
if (ret && typeof ret.then === 'function') {
ret.then(options => Object.assign({}, defaultOptions, options))
.then(corsOptions => addCorsHeadersHandler(fastify, corsOptions, req, reply, next)).catch(next)
ret.then(options => addCorsHeadersHandler(fastify, normalizeCorsOptions(options), req, reply, next)).catch(next)
return
}
next(new Error('Invalid CORS origin option'))
Expand All @@ -130,12 +128,19 @@ function handleCorsOptionsCallbackDelegator (optionsResolver, fastify, req, repl
if (err) {
next(err)
} else {
const corsOptions = Object.assign({}, defaultOptions, options)
addCorsHeadersHandler(fastify, corsOptions, req, reply, next)
addCorsHeadersHandler(fastify, normalizeCorsOptions(options), req, reply, next)
}
})
}

function normalizeCorsOptions (opts) {
const corsOptions = Object.assign({}, defaultOptions, opts)
if (Array.isArray(opts.origin) && opts.origin.indexOf('*') !== -1) {
corsOptions.origin = '*'
}
return corsOptions
}

function addCorsHeadersHandler (fastify, options, req, reply, next) {
// Always set Vary header
// https://github.com/rs/cors/issues/10
Expand Down
42 changes: 42 additions & 0 deletions test/cors.test.js
Original file line number Diff line number Diff line change
Expand Up @@ -825,3 +825,45 @@ test('Allow only request from with specific headers', t => {
})
})
})

test('Should support wildcard config /1', t => {
t.plan(4)

const fastify = Fastify()
fastify.register(cors, { origin: '*' })

fastify.get('/', (req, reply) => {
reply.send('ok')
})

fastify.inject({
method: 'GET',
url: '/'
}, (err, res) => {
t.error(err)
t.equal(res.statusCode, 200)
t.equal(res.payload, 'ok')
t.equal(res.headers['access-control-allow-origin'], '*')
})
})

test('Should support wildcard config /2', t => {
t.plan(4)

const fastify = Fastify()
fastify.register(cors, { origin: ['*'] })

fastify.get('/', (req, reply) => {
reply.send('ok')
})

fastify.inject({
method: 'GET',
url: '/'
}, (err, res) => {
t.error(err)
t.equal(res.statusCode, 200)
t.equal(res.payload, 'ok')
t.equal(res.headers['access-control-allow-origin'], '*')
})
})

0 comments on commit 365a08e

Please sign in to comment.