Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

vary origin on delegated options #292

Merged
merged 3 commits into from
Jan 27, 2024
Merged

vary origin on delegated options #292

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
c83e9f4
vary on delegated options
laat Jan 27, 2024
69346b2
DRY
laat Jan 27, 2024
556a628
reviewed
laat Jan 27, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 6 additions & 5 deletions index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -104,7 +104,7 @@ function handleCorsOptionsDelegator (optionsResolver, fastify, opts, next) {
fastify.addHook(hook, function handleCors (req, reply, payload, next) {
const ret = optionsResolver(req)
if (ret && typeof ret.then === 'function') {
ret.then(options => addCorsHeadersHandler(fastify, normalizeCorsOptions(options), req, reply, next)).catch(next)
ret.then(options => addCorsHeadersHandler(fastify, normalizeCorsOptions(options, true), req, reply, next)).catch(next)
return
}
next(new Error('Invalid CORS origin option'))
Expand All @@ -114,7 +114,7 @@ function handleCorsOptionsDelegator (optionsResolver, fastify, opts, next) {
fastify.addHook(hook, function handleCors (req, reply, next) {
const ret = optionsResolver(req)
if (ret && typeof ret.then === 'function') {
ret.then(options => addCorsHeadersHandler(fastify, normalizeCorsOptions(options), req, reply, next)).catch(next)
ret.then(options => addCorsHeadersHandler(fastify, normalizeCorsOptions(options, true), req, reply, next)).catch(next)
return
}
next(new Error('Invalid CORS origin option'))
Expand All @@ -128,15 +128,15 @@ function handleCorsOptionsCallbackDelegator (optionsResolver, fastify, req, repl
if (err) {
next(err)
} else {
addCorsHeadersHandler(fastify, normalizeCorsOptions(options), req, reply, next)
addCorsHeadersHandler(fastify, normalizeCorsOptions(options, true), req, reply, next)
}
})
}

/**
* @param {import('./types').FastifyCorsOptions} opts
*/
function normalizeCorsOptions (opts) {
function normalizeCorsOptions (opts, dynamic) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

function normalizeCorsOptions (opts, dynamic = false) {

const corsOptions = { ...defaultOptions, ...opts }
if (Array.isArray(opts.origin) && opts.origin.indexOf('*') !== -1) {
corsOptions.origin = '*'
Expand All @@ -148,11 +148,12 @@ function normalizeCorsOptions (opts) {
// strings are applied directly and any other value is ignored
corsOptions.cacheControl = null
}
corsOptions.dynamic = dynamic || false
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Late to the party:
why didn't we set it during the declaration?

return corsOptions
}

function addCorsHeadersHandler (fastify, options, req, reply, next) {
laat marked this conversation as resolved.
Show resolved Hide resolved
if (typeof options.origin !== 'string' && options.origin !== false) {
if ((typeof options.origin !== 'string' && options.origin !== false) || options.dynamic) {
// Always set Vary header for non-static origin option
// https://fetch.spec.whatwg.org/#cors-protocol-and-http-caches
addOriginToVaryHeader(reply)
Expand Down
24 changes: 12 additions & 12 deletions test/cors.test.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -124,7 +124,7 @@ test('Should add cors headers (custom values)', t => {
})

test('Should support dynamic config (callback)', t => {
t.plan(18)
t.plan(16)

const configs = [{
origin: 'example.com',
Expand Down Expand Up @@ -177,9 +177,9 @@ test('Should support dynamic config (callback)', t => {
'access-control-allow-origin': 'example.com',
'access-control-allow-credentials': 'true',
'access-control-expose-headers': 'foo, bar',
'content-length': '2'
'content-length': '2',
vary: 'Origin'
})
t.notMatch(res.headers, { vary: 'Origin' })
})

fastify.inject({
Expand All @@ -202,9 +202,9 @@ test('Should support dynamic config (callback)', t => {
'access-control-allow-headers': 'baz, foo',
'access-control-max-age': '321',
'cache-control': '456',
'content-length': '0'
'content-length': '0',
vary: 'Origin'
})
t.notMatch(res.headers, { vary: 'Origin' })
})

fastify.inject({
Expand All @@ -221,7 +221,7 @@ test('Should support dynamic config (callback)', t => {
})

test('Should support dynamic config (Promise)', t => {
t.plan(26)
t.plan(23)

const configs = [{
origin: 'example.com',
Expand Down Expand Up @@ -282,9 +282,9 @@ test('Should support dynamic config (Promise)', t => {
'access-control-allow-origin': 'example.com',
'access-control-allow-credentials': 'true',
'access-control-expose-headers': 'foo, bar',
'content-length': '2'
'content-length': '2',
vary: 'Origin'
})
t.notMatch(res.headers, { vary: 'Origin' })
})

fastify.inject({
Expand All @@ -306,9 +306,9 @@ test('Should support dynamic config (Promise)', t => {
'access-control-allow-methods': 'GET',
'access-control-allow-headers': 'baz, foo',
'access-control-max-age': '321',
'content-length': '0'
'content-length': '0',
vary: 'Origin'
})
t.notMatch(res.headers, { vary: 'Origin' })
t.equal(res.headers['cache-control'], undefined, 'cache-control omitted (invalid value)')
})

Expand All @@ -332,9 +332,9 @@ test('Should support dynamic config (Promise)', t => {
'access-control-allow-headers': 'baz, foo',
'access-control-max-age': '321',
'cache-control': 'public, max-age=456', // cache-control included (custom string)
'content-length': '0'
'content-length': '0',
vary: 'Origin'
})
t.notMatch(res.headers, { vary: 'Origin' })
})

fastify.inject({
Expand Down
30 changes: 15 additions & 15 deletions test/hooks.test.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -321,7 +321,7 @@ test('Should set hook preSerialization if hook option is set to preSerialization
})

test('Should support custom hook with dynamic config', t => {
t.plan(18)
t.plan(16)

const configs = [{
origin: 'example.com',
Expand Down Expand Up @@ -375,9 +375,9 @@ test('Should support custom hook with dynamic config', t => {
'access-control-allow-origin': 'example.com',
'access-control-allow-credentials': 'true',
'access-control-expose-headers': 'foo, bar',
'content-length': '2'
'content-length': '2',
vary: 'Origin'
})
t.notMatch(res.headers, { vary: 'Origin' })
})

fastify.inject({
Expand All @@ -399,9 +399,9 @@ test('Should support custom hook with dynamic config', t => {
'access-control-allow-methods': 'GET',
'access-control-allow-headers': 'baz, foo',
'access-control-max-age': '321',
'content-length': '0'
'content-length': '0',
vary: 'Origin'
})
t.notMatch(res.headers, { vary: 'Origin' })
})

fastify.inject({
Expand All @@ -418,7 +418,7 @@ test('Should support custom hook with dynamic config', t => {
})

test('Should support custom hook with dynamic config (callback)', t => {
t.plan(18)
t.plan(16)

const configs = [{
origin: 'example.com',
Expand Down Expand Up @@ -472,9 +472,9 @@ test('Should support custom hook with dynamic config (callback)', t => {
'access-control-allow-origin': 'example.com',
'access-control-allow-credentials': 'true',
'access-control-expose-headers': 'foo, bar',
'content-length': '2'
'content-length': '2',
vary: 'Origin'
})
t.notMatch(res.headers, { vary: 'Origin' })
})

fastify.inject({
Expand All @@ -496,9 +496,9 @@ test('Should support custom hook with dynamic config (callback)', t => {
'access-control-allow-methods': 'GET',
'access-control-allow-headers': 'baz, foo',
'access-control-max-age': '321',
'content-length': '0'
'content-length': '0',
vary: 'Origin'
})
t.notMatch(res.headers, { vary: 'Origin' })
})

fastify.inject({
Expand All @@ -515,7 +515,7 @@ test('Should support custom hook with dynamic config (callback)', t => {
})

test('Should support custom hook with dynamic config (Promise)', t => {
t.plan(18)
t.plan(16)

const configs = [{
origin: 'example.com',
Expand Down Expand Up @@ -570,9 +570,9 @@ test('Should support custom hook with dynamic config (Promise)', t => {
'access-control-allow-origin': 'example.com',
'access-control-allow-credentials': 'true',
'access-control-expose-headers': 'foo, bar',
'content-length': '2'
'content-length': '2',
vary: 'Origin'
})
t.notMatch(res.headers, { vary: 'Origin' })
})

fastify.inject({
Expand All @@ -594,9 +594,9 @@ test('Should support custom hook with dynamic config (Promise)', t => {
'access-control-allow-methods': 'GET',
'access-control-allow-headers': 'baz, foo',
'access-control-max-age': '321',
'content-length': '0'
'content-length': '0',
vary: 'Origin'
})
t.notMatch(res.headers, { vary: 'Origin' })
})

fastify.inject({
Expand Down
Loading