Skip to content

Commit 389d895

Browse files
petersirkapetersirka
committed
Fixed cors origin.
1 parent afb6888 commit 389d895

3 files changed

Lines changed: 11 additions & 7 deletions

File tree

index.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6530,7 +6530,7 @@ Framework.prototype._cors = function(req, res, fn, arg) {
65306530
var name;
65316531
var isOPTIONS = req.method === 'OPTIONS';
65326532

6533-
res.setHeader('Access-Control-Allow-Origin', cors.origin ? cors.origin : '*');
6533+
res.setHeader('Access-Control-Allow-Origin', cors.origin ? cors.origin : cors.credentials ? origin : '*');
65346534

65356535
if (cors.credentials)
65366536
res.setHeader('Access-Control-Allow-Credentials', 'true');

test/test-framework-debug.js

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ var framework = require('../index');
44
var fs = require('fs');
55
var url = 'http://127.0.0.1:8001/';
66
var errorStatus = 0;
7-
var max = 100;
7+
var max = 1;
88

99
// INSTALL('module', 'https://www.totaljs.com/framework/include.js', { test: true });
1010

@@ -145,14 +145,16 @@ function test_routing(next) {
145145
utils.request(url + '/cors/headers/', ['options'], null, function(error, data, code, headers) {
146146
if (error)
147147
throw error;
148-
assert.ok(headers['access-control-allow-origin'] === '*', 'CORS, headers problem 1');
148+
149+
// "access-control-allow-origin" doesn't support * (wildcard) when "access-control-allow-credentials" is set to true
150+
// node.js doesn't support duplicates headers
151+
assert.ok(headers['access-control-allow-origin'] === 'http://www.petersirka.eu', 'CORS, headers problem 1');
149152
assert.ok(headers['access-control-allow-credentials'] === 'true', 'CORS, headers problem 2');
150153
assert.ok(headers['access-control-allow-methods'] === 'POST, PUT, DELETE, OPTIONS', 'CORS, headers problem 3');
151154
complete();
152155
}, null, { 'origin': 'http://www.petersirka.eu' });
153156
});
154157

155-
156158
async.await('options', function(complete) {
157159
utils.request(url + 'options/', ['options'], null, function(error, data, code, headers) {
158160
if (error)

test/test-framework-release.js

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ var framework = require('../index');
44
var fs = require('fs');
55
var url = 'http://127.0.0.1:8001/';
66
var errorStatus = 0;
7-
var max = 100;
7+
var max = 1;
88

99
// INSTALL('module', 'https://www.totaljs.com/framework/include.js', { test: true });
1010

@@ -145,14 +145,16 @@ function test_routing(next) {
145145
utils.request(url + '/cors/headers/', ['options'], null, function(error, data, code, headers) {
146146
if (error)
147147
throw error;
148-
assert.ok(headers['access-control-allow-origin'] === '*', 'CORS, headers problem 1');
148+
149+
// "access-control-allow-origin" doesn't support * (wildcard) when "access-control-allow-credentials" is set to true
150+
// node.js doesn't support duplicates headers
151+
assert.ok(headers['access-control-allow-origin'] === 'http://www.petersirka.eu', 'CORS, headers problem 1');
149152
assert.ok(headers['access-control-allow-credentials'] === 'true', 'CORS, headers problem 2');
150153
assert.ok(headers['access-control-allow-methods'] === 'POST, PUT, DELETE, OPTIONS', 'CORS, headers problem 3');
151154
complete();
152155
}, null, { 'origin': 'http://www.petersirka.eu' });
153156
});
154157

155-
156158
async.await('options', function(complete) {
157159
utils.request(url + 'options/', ['options'], null, function(error, data, code, headers) {
158160
if (error)

0 commit comments

Comments
 (0)