Merge pull request #1 from elastic-coders/cors

thenikso · web-flow · commit 8d55e29f6701 · 2016-09-28T11:02:06.000+02:00
Cors
diff --git a/index.js b/index.js
@@ -93,7 +93,8 @@ module.exports = function(options) {
         callbacks.push(executeLambdaCallback(func));
         // Setup endpoint
         if (e.cors) {
-          httpConfig.eventHandler('options', path, [decorateAddCORSCallback(), send200]);
+          httpConfig.eventHandler('options', path, [decorateAddCORSCallback(e.cors), send200]);
+          callbacks.unshift(decorateAddCORSCallback(e.cors));
         }
         httpConfig.eventHandler(method, path, callbacks);
       }
diff --git a/lib/decorators-callbacks.js b/lib/decorators-callbacks.js
@@ -18,11 +18,21 @@ module.exports.decorateLambdaReqCallback = function(getPrincipalId) {
   };
 };
 
-module.exports.decorateAddCORSCallback = function() {
+const defaultCors = {
+  origins: ['*'],
+  methods: ['GET', 'PUT', 'HEAD', 'PATCH', 'POST', 'DELETE', 'OPTIONS'],
+  headers: ['Authorization', 'Content-Type', 'x-amz-date', 'x-amz-security-token']
+};
+
+module.exports.decorateAddCORSCallback = function(corsOpts) {
+  let cors = defaultCors;
+  if(corsOpts instanceof Object) {
+    cors = Object.assign({}, defaultCors, corsOpts);
+  }
   return function(req, res, next) {
-    res.header('Access-Control-Allow-Origin', '*');
-    res.header('Access-Control-Allow-Methods', 'GET,PUT,HEAD,PATCH,POST,DELETE,OPTIONS');
-    res.header('Access-Control-Allow-Headers', 'Authorization,Content-Type,x-amz-date,x-amz-security-token');
+    res.header('Access-Control-Allow-Methods', cors.methods.join(','));
+    res.header('Access-Control-Allow-Headers', cors.headers.join(','));
+    res.header('Access-Control-Allow-Origin', cors.origins.join(','));
     next();
   };
 };
diff --git a/tests/decorators-callbacks.test.js b/tests/decorators-callbacks.test.js
@@ -59,8 +59,8 @@ describe('decorators-callbacks', () => {
       expect(subject.decorateAddCORSCallback()).to.be.a('function');
     });
 
-    it('should add CORS headers', () => {
-      const cb = subject.decorateAddCORSCallback();
+    it('should add default CORS headers', () => {
+      const cb = subject.decorateAddCORSCallback(true);
       const req = {};
       const res = {
         header: sinon.spy(),
@@ -72,5 +72,23 @@ describe('decorators-callbacks', () => {
       expect(res.header).to.have.been.calledWith('Access-Control-Allow-Headers', 'Authorization,Content-Type,x-amz-date,x-amz-security-token');
       expect(next).to.have.callCount(1);
     });
+
+    it('should add custom CORS headers', () => {
+      const cb = subject.decorateAddCORSCallback({
+        origins: ['https://myapp.test.com'],
+        methods: ['GET', 'POST']
+      });
+      const req = {};
+      const res = {
+        header: sinon.spy(),
+      };
+      const next = sinon.spy();
+      cb(req, res, next);
+      expect(res.header).to.have.been.calledWith('Access-Control-Allow-Origin', 'https://myapp.test.com');
+      expect(res.header).to.have.been.calledWith('Access-Control-Allow-Methods', 'GET,POST');
+      expect(res.header).to.have.been.calledWith('Access-Control-Allow-Headers', 'Authorization,Content-Type,x-amz-date,x-amz-security-token');
+      expect(next).to.have.callCount(1);
+    });
+
   });
 });

Original file line number	Diff line number	Diff line change
`@@ -93,7 +93,8 @@ module.exports = function(options) {`
`93`	`93`	`callbacks.push(executeLambdaCallback(func));`
`94`	`94`	`// Setup endpoint`
`95`	`95`	`if (e.cors) {`
`96`		`- httpConfig.eventHandler('options', path, [decorateAddCORSCallback(), send200]);`
	`96`	`+ httpConfig.eventHandler('options', path, [decorateAddCORSCallback(e.cors), send200]);`
	`97`	`+ callbacks.unshift(decorateAddCORSCallback(e.cors));`
`97`	`98`	`}`
`98`	`99`	`httpConfig.eventHandler(method, path, callbacks);`
`99`	`100`	`}`