Skip to content

Commit

Permalink
fix: vary logic
Browse files Browse the repository at this point in the history 
See #1251
  • Loading branch information
@willfarrell
willfarrell committed Nov 3, 2024
1 parent 019d6e4 commit 4834c17
Show file tree
Hide file tree
Showing 3 changed files with 147 additions and 122 deletions.
119 changes: 62 additions & 57 deletions packages/http-cors/__tests__/index.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ const context = {
test('Should return default headers when { }', async (t) => {
const handler = middy((event, context) => ({ statusCode: 200 }))

handler.use(cors({ disableBeforePreflightResponse: false }))
handler.use(cors({}))

const event = {
httpMethod: 'OPTIONS',
Expand All @@ -20,10 +20,30 @@ test('Should return default headers when { }', async (t) => {
const response = await handler(event, context)

deepEqual(response, {
statusCode: 204,
statusCode: 200,
headers: {}
})
})
test('Should return default headers when { origin: "*" }', async (t) => {
const handler = middy((event, context) => ({ statusCode: 200 }))

handler.use(cors({ disableBeforePreflightResponse: false, origin: '*' }))

const event = {
httpMethod: 'OPTIONS',
headers: {}
}

const response = await handler(event, context)

deepEqual(response, {
statusCode: 204,
headers: {
'Access-Control-Allow-Origin': '*',
Vary: 'Origin'
}
})
})

test('It should add headers even onError', async (t) => {
const handler = middy((event, context) => {
Expand Down Expand Up @@ -51,8 +71,7 @@ test('It should add headers even onError', async (t) => {
deepEqual(response, {
statusCode: 500,
headers: {
'Access-Control-Allow-Origin': 'https://example.com',
Vary: 'Origin'
'Access-Control-Allow-Origin': 'https://example.com'
}
})
})
Expand All @@ -65,7 +84,7 @@ test('It should run handler when { disableBeforePreflightResponse: true }', asyn
return { statusCode: 200 }
})

handler.use(cors({ disableBeforePreflightResponse: true, origin: null }))
handler.use(cors({ disableBeforePreflightResponse: true }))

const event = {
httpMethod: 'OPTIONS',
Expand All @@ -88,7 +107,7 @@ test('It should respond during `before` when { disableBeforePreflightResponse: f
return { statusCode: 200 }
})

handler.use(cors({ disableBeforePreflightResponse: false, origin: null }))
handler.use(cors({ disableBeforePreflightResponse: false }))

const event = {
httpMethod: 'OPTIONS',
Expand All @@ -105,14 +124,10 @@ test('It should respond during `before` when { disableBeforePreflightResponse: f
})

// *** origin(s) *** //
test('It should exclude `Access-Control-Allow-Origin` when { origin: `null` }', async (t) => {
test('It should exclude `Access-Control-Allow-Origin`', async (t) => {
const handler = middy((event, context) => ({ statusCode: 204 }))

handler.use(
cors({
origin: null
})
)
handler.use(cors({}))

const event = {
httpMethod: 'OPTIONS',
Expand Down Expand Up @@ -150,8 +165,7 @@ test('It should not override response Access-Control-Allow-Origin header when {
deepEqual(response, {
statusCode: 200,
headers: {
'Access-Control-Allow-Origin': 'https://example.com',
Vary: 'Origin'
'Access-Control-Allow-Origin': 'https://example.com'
}
})
})
Expand All @@ -171,7 +185,8 @@ test('Access-Control-Allow-Origin header should be "*" when origin is "*"', asyn
deepEqual(response, {
statusCode: 204,
headers: {
'Access-Control-Allow-Origin': '*'
'Access-Control-Allow-Origin': '*',
Vary: 'Origin'
}
})
})
Expand All @@ -196,8 +211,7 @@ test('It should use origin specified in options', async (t) => {
deepEqual(response, {
statusCode: 204,
headers: {
'Access-Control-Allow-Origin': 'https://example.com',
Vary: 'Origin'
'Access-Control-Allow-Origin': 'https://example.com'
}
})
})
Expand All @@ -224,8 +238,7 @@ test('It should use Origin when matching origin specified in options', async (t)
deepEqual(response, {
statusCode: 204,
headers: {
'Access-Control-Allow-Origin': 'https://example.com',
Vary: 'Origin'
'Access-Control-Allow-Origin': 'https://example.com'
}
})
})
Expand All @@ -250,7 +263,8 @@ test('It should return whitelisted origin (any)', async (t) => {
deepEqual(response, {
statusCode: 204,
headers: {
'Access-Control-Allow-Origin': '*'
'Access-Control-Allow-Origin': '*',
Vary: 'Origin'
}
})
})
Expand Down Expand Up @@ -352,7 +366,9 @@ test('It should exclude `Access-Control-Allow-Origin` if no match in origins (st

deepEqual(response, {
statusCode: 204,
headers: {}
headers: {
Vary: 'Origin'
}
})
})

Expand All @@ -375,7 +391,9 @@ test('It should exclude `Access-Control-Allow-Origin` if no match in origins (dy

deepEqual(response, {
statusCode: 204,
headers: {}
headers: {
Vary: 'Origin'
}
})
})

Expand All @@ -398,7 +416,9 @@ test('It should exclude `Access-Control-Allow-Origin` if no match in origins (dy

deepEqual(response, {
statusCode: 204,
headers: {}
headers: {
Vary: 'Origin'
}
})
})

Expand All @@ -413,8 +433,7 @@ test('It should not override already declared Access-Control-Allow-Headers heade
.use(
cors({
disableBeforePreflightResponse: true,
headers: 'x-example-2',
origin: null
headers: 'x-example-2'
})
)

Expand All @@ -439,8 +458,7 @@ test('It should use allowed headers specified in options', async (t) => {
handler.use(
cors({
disableBeforePreflightResponse: false,
headers: 'x-example',
origin: null
headers: 'x-example'
})
)

Expand Down Expand Up @@ -470,8 +488,7 @@ test('It should not override already declared Access-Control-Allow-Credentials h
.use(
cors({
disableBeforePreflightResponse: true,
credentials: true,
origin: null
credentials: true
})
)
.onError(() => {})
Expand All @@ -496,8 +513,7 @@ test('It should not override already declared Access-Control-Allow-Credentials h
.use(
cors({
disableBeforePreflightResponse: true,
credentials: false,
origin: null
credentials: false
})
)
// other middleware that puts the cors header
Expand Down Expand Up @@ -559,7 +575,6 @@ test('It should use change credentials as specified in options (true)', async (t
cors({
disableBeforePreflightResponse: false,
credentials: true,
origin: null,
origins: ['*']
})
)
Expand Down Expand Up @@ -590,7 +605,6 @@ test('It should use change credentials as specified in options (true) with lower
cors({
disableBeforePreflightResponse: false,
credentials: true,
origin: null,
origins: ['*']
})
)
Expand Down Expand Up @@ -620,8 +634,7 @@ test('it should set Access-Control-Allow-Methods header if present in config', a
handler.use(
cors({
disableBeforePreflightResponse: false,
methods: 'GET,PUT',
origin: null
methods: 'GET,PUT'
})
)

Expand All @@ -648,8 +661,7 @@ test('it should not overwrite Access-Control-Allow-Methods header if already set
handler.use(
cors({
disableBeforePreflightResponse: true,
methods: 'GET,PUT',
origin: null
methods: 'GET,PUT'
})
)

Expand All @@ -673,8 +685,7 @@ test('it should set Access-Control-Expose-Headers header if present in config',
handler.use(
cors({
disableBeforePreflightResponse: false,
exposeHeaders: 'X-Middleware',
origin: null
exposeHeaders: 'X-Middleware'
})
)

Expand All @@ -701,8 +712,7 @@ test('it should not overwrite Access-Control-Expose-Headers header if already se
handler.use(
cors({
disableBeforePreflightResponse: true,
exposeHeaders: 'X-Middleware',
origin: null
exposeHeaders: 'X-Middleware'
})
)

Expand All @@ -726,8 +736,7 @@ test('it should set Access-Control-Max-Age header if present in config', async (
handler.use(
cors({
disableBeforePreflightResponse: false,
maxAge: '3600',
origin: null
maxAge: '3600'
})
)

Expand All @@ -754,8 +763,7 @@ test('it should not overwrite Access-Control-Max-Age header if already set', asy
handler.use(
cors({
disableBeforePreflightResponse: true,
maxAge: '3600',
origin: null
maxAge: '3600'
})
)

Expand All @@ -779,8 +787,7 @@ test('it should set Cache-Control header if present in config and http method OP
handler.use(
cors({
disableBeforePreflightResponse: false,
cacheControl: 'max-age=3600, s-maxage=3600, proxy-revalidate',
origin: null
cacheControl: 'max-age=3600, s-maxage=3600, proxy-revalidate'
})
)

Expand All @@ -805,8 +812,7 @@ for (const httpMethod of ['GET', 'POST', 'PUT', 'PATCH']) {
handler.use(
cors({
disableBeforePreflightResponse: false,
cacheControl: 'max-age=3600, s-maxage=3600, proxy-revalidate',
origin: null
cacheControl: 'max-age=3600, s-maxage=3600, proxy-revalidate'
})
)

Expand All @@ -829,8 +835,7 @@ test('it should not overwrite Cache-Control header if already set', async (t) =>
handler.use(
cors({
disableBeforePreflightResponse: true,
cacheControl: 'max-age=3600, s-maxage=3600, proxy-revalidate',
origin: null
cacheControl: 'max-age=3600, s-maxage=3600, proxy-revalidate'
})
)

Expand All @@ -857,8 +862,7 @@ test('it should not overwrite Vary header if already set', async (t) => {
handler.use(
cors({
disableBeforePreflightResponse: true,
vary: 'Access-Control-Allow-Methods',
origin: null
vary: 'Access-Control-Allow-Methods'
})
)

Expand All @@ -882,8 +886,7 @@ test('it should set Vary header if present in config', async (t) => {
handler.use(
cors({
disableBeforePreflightResponse: false,
vary: 'Access-Control-Allow-Methods',
origin: null
vary: 'Access-Control-Allow-Methods'
})
)

Expand All @@ -908,7 +911,8 @@ test('It should use custom getOrigin', async (t) => {
handler.use(
cors({
disableBeforePreflightResponse: false,
getOrigin: () => 'https://default.com'
getOrigin: () => 'https://default.com',
origin: '*'
})
)

Expand All @@ -934,7 +938,8 @@ test('It should use pass incoming origin to custom getOrigin', async (t) => {
handler.use(
cors({
disableBeforePreflightResponse: false,
getOrigin: (incomingOrigin, options) => incomingOrigin
getOrigin: (incomingOrigin, options) => incomingOrigin,
origin: '*'
})
)

Expand Down
Loading

0 comments on commit 4834c17

Please sign in to comment.