/
cors.js
93 lines (85 loc) · 3.59 KB
/
cors.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
/* global jest:false, test:false, describe:false, expect:false */
const { cors } = require('../../src/server/middlewares')
function testWithMock ({ corsOptions, get = () => {}, origin = 'https://localhost:1234' } = {}) {
const res = {
get,
getHeader: get,
setHeader: jest.fn(),
end: jest.fn(),
}
const req = {
method: 'OPTIONS',
headers: {
origin,
},
}
const next = jest.fn()
cors(corsOptions)(req, res, next)
return { res }
}
describe('cors', () => {
test('should properly merge with existing headers', () => {
const get = (header) => {
if (header.toLowerCase() === 'access-control-allow-methods') return 'PATCH,OPTIONS, post'
if (header.toLowerCase() === 'access-control-allow-headers') return 'test-allow-header'
if (header.toLowerCase() === 'access-control-expose-headers') return 'test'
return undefined
}
const { res } = testWithMock({
corsOptions: {
sendSelfEndpoint: true,
corsOrigins: /^https:\/\/localhost:.*$/,
},
get,
})
expect(res.setHeader.mock.calls).toEqual([
['Access-Control-Allow-Origin', 'https://localhost:1234'],
['Vary', 'Origin'],
['Access-Control-Allow-Credentials', 'true'],
['Access-Control-Allow-Methods', 'PATCH,OPTIONS,POST,GET,DELETE'],
['Access-Control-Allow-Headers', 'test-allow-header,uppy-auth-token,uppy-versions,uppy-credentials-params,authorization,origin,content-type,accept'],
['Access-Control-Expose-Headers', 'test,access-control-allow-headers,i-am'],
['Content-Length', '0'],
])
// expect(next).toHaveBeenCalled()
})
test('should also work when nothing added', () => {
const { res } = testWithMock()
expect(res.setHeader.mock.calls).toEqual([
['Access-Control-Allow-Origin', 'https://localhost:1234'],
['Vary', 'Origin'],
['Access-Control-Allow-Credentials', 'true'],
['Access-Control-Allow-Methods', 'GET,POST,OPTIONS,DELETE'],
['Access-Control-Allow-Headers', 'uppy-auth-token,uppy-versions,uppy-credentials-params,authorization,origin,content-type,accept'],
['Access-Control-Expose-Headers', 'access-control-allow-headers'],
['Content-Length', '0'],
])
})
test('should support disabling cors', () => {
const { res } = testWithMock({ corsOptions: { corsOrigins: false } })
expect(res.setHeader.mock.calls).toEqual([])
})
test('should support incorrect url', () => {
const { res } = testWithMock({ corsOptions: { corsOrigins: /^incorrect$/ } })
expect(res.setHeader.mock.calls).toEqual([
['Vary', 'Origin'],
['Access-Control-Allow-Credentials', 'true'],
['Access-Control-Allow-Methods', 'GET,POST,OPTIONS,DELETE'],
['Access-Control-Allow-Headers', 'uppy-auth-token,uppy-versions,uppy-credentials-params,authorization,origin,content-type,accept'],
['Access-Control-Expose-Headers', 'access-control-allow-headers'],
['Content-Length', '0'],
])
})
test('should support array origin', () => {
const { res } = testWithMock({ corsOptions: { corsOrigins: ['http://google.com', 'https://localhost:1234'] } })
expect(res.setHeader.mock.calls).toEqual([
['Access-Control-Allow-Origin', 'https://localhost:1234'],
['Vary', 'Origin'],
['Access-Control-Allow-Credentials', 'true'],
['Access-Control-Allow-Methods', 'GET,POST,OPTIONS,DELETE'],
['Access-Control-Allow-Headers', 'uppy-auth-token,uppy-versions,uppy-credentials-params,authorization,origin,content-type,accept'],
['Access-Control-Expose-Headers', 'access-control-allow-headers'],
['Content-Length', '0'],
])
})
})