feat: server client bundles with CORS headers

socketio · Jun 20, 2023 · a679092 · a679092
1 parent a250e28
commit a679092
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 2 deletions.
diff --git a/lib/index.ts b/lib/index.ts
@@ -40,6 +40,7 @@ import {
   SecondArg,
 } from "./typed-events";
 import { patchAdapter, restoreAdapter, serveFile } from "./uws";
+import corsMiddleware from "cors";
 
 const debug = debugModule("socket.io:server");
 
@@ -202,6 +203,11 @@ export class Server<
    */
   _connectTimeout: number;
   private httpServer: http.Server | HTTPSServer | Http2SecureServer;
+  private _corsMiddleware: (
+    req: http.IncomingMessage,
+    res: http.ServerResponse,
+    next: () => void
+  ) => void;
 
   /**
    * Server constructor.
@@ -267,6 +273,10 @@ export class Server<
       this.attach(
         srv as http.Server | HTTPSServer | Http2SecureServer | number
       );
+
+    if (this.opts.cors) {
+      this._corsMiddleware = corsMiddleware(this.opts.cors);
+    }
   }
 
   get _opts() {
@@ -548,7 +558,13 @@ export class Server<
     srv.removeAllListeners("request");
     srv.on("request", (req, res) => {
       if (this.clientPathRegex.test(req.url!)) {
-        this.serve(req, res);
+        if (this._corsMiddleware) {
+          this._corsMiddleware(req, res, () => {
+            this.serve(req, res);
+          });
+        } else {
+          this.serve(req, res);
+        }
       } else {
         for (let i = 0; i < evs.length; i++) {
           evs[i].call(srv, req, res);

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -48,6 +48,7 @@
   "dependencies": {
     "accepts": "~1.3.4",
     "base64id": "~2.0.0",
+    "cors": "~2.8.5",
     "debug": "~4.3.2",
     "engine.io": "~6.5.0",
     "socket.io-adapter": "~2.5.2",

diff --git a/test/server-attachment.ts b/test/server-attachment.ts
@@ -70,6 +70,27 @@ describe("server attachment", () => {
         });
     });
 
+    it("should serve client with necessary CORS headers", (done) => {
+      const srv = createServer();
+      new Server(srv, {
+        cors: {
+          origin: "https://good-origin.com",
+        },
+      });
+      request(srv)
+        .get("/socket.io/socket.io.js")
+        .set("origin", "https://good-origin.com")
+        .buffer(true)
+        .end((err, res) => {
+          if (err) return done(err);
+          expect(res.headers["access-control-allow-origin"]).to.be(
+            "https://good-origin.com"
+          );
+          expect(res.status).to.be(200);
+          done();
+        });
+    });
+
     it(
       "should serve bundle with msgpack parser",
       testSource("socket.io.msgpack.min.js")