Skip to content

Commit f394bee

Browse files
author
u jann
committed
add additional CORS headers
1 parent d24c6b5 commit f394bee

File tree

3 files changed

+15
-9
lines changed

3 files changed

+15
-9
lines changed

README.md

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,11 @@ exports.handler = router.handler(
2323
{
2424
// for handling an http-call from an AWS Apigateway proxyIntegration we provide the following config:
2525
proxyIntegration: {
26-
// activate CORS on all http-methods (OPTIONS requests are handled automagically):
26+
// activate CORS on all http-methods (OPTIONS requests are handled automagically);
27+
// if set to true, these default headers will be sent on every response:
28+
// "Access-Control-Allow-Origin" = "'*'"
29+
// "Access-Control-Allow-Methods" = "'GET,POST,PUT,DELETE,HEAD'"
30+
// "Access-Control-Allow-Headers" = "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
2731
cors: true,
2832
routes: [
2933
{

lib/proxyIntegration.js

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,8 @@ function process(proxyIntegrationConfig, event) {
2121
let headers = {};
2222
if (proxyIntegrationConfig.cors) {
2323
headers["Access-Control-Allow-Origin"] = "*";
24+
headers["Access-Control-Allow-Methods"] = "'GET,POST,PUT,DELETE,HEAD'";
25+
headers["Access-Control-Allow-Headers"] = "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'";
2426
if (event.httpMethod === 'OPTIONS') {
2527
return Promise.resolve({statusCode: 200, headers: headers, body: ''});
2628
}

test/proxyIntegration.spec.js

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,11 @@ function forEach(arrayOfArrays) {
1414
}
1515

1616
const proxyIntegration = require('../lib/proxyIntegration');
17+
const expectedCorsHeaders = {
18+
"Access-Control-Allow-Origin": "*",
19+
"Access-Control-Allow-Methods": "'GET,POST,PUT,DELETE,HEAD'",
20+
"Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
21+
};
1722

1823
describe('proxyIntegration.routeHandler.selection', () => {
1924
it('should select longer match', () => {
@@ -106,9 +111,7 @@ describe('proxyIntegration.routeHandler.selection', () => {
106111
}, {httpMethod: 'OPTIONS', path: '/'}).then(result => {
107112
expect(result).toEqual({
108113
statusCode: 200,
109-
headers: {
110-
"Access-Control-Allow-Origin": "*"
111-
},
114+
headers: expectedCorsHeaders,
112115
body: ''
113116
});
114117
done();
@@ -121,10 +124,7 @@ describe('proxyIntegration.routeHandler.selection', () => {
121124
}, {httpMethod: 'GET', path: '/'}).then(result => {
122125
expect(result).toEqual({
123126
statusCode: 200,
124-
headers: {
125-
"Content-Type": "application/json",
126-
"Access-Control-Allow-Origin": "*"
127-
},
127+
headers: Object.assign({"Content-Type": "application/json"}, expectedCorsHeaders),
128128
body: '"/"'
129129
});
130130
done();
@@ -307,7 +307,7 @@ describe('proxyIntegration.routeHandler', () => {
307307
expect(result).toEqual({
308308
statusCode: 501,
309309
body: 'bla',
310-
headers: {"Content-Type": "application/json", "Access-Control-Allow-Origin": "*"}
310+
headers: Object.assign({"Content-Type": "application/json"}, expectedCorsHeaders)
311311
});
312312
done();
313313
});

0 commit comments

Comments
 (0)