Merge pull request nodeSolidServer#135 from nicola/onlyGet

Andrei · Andrei · commit b284fa77499f · 2015-09-17T15:34:35.000-04:00
Only allow GET on proxy
diff --git a/index.js b/index.js
@@ -131,18 +131,27 @@ function createServer(argv) {
 
 function proxy (app, path) {
     debug.settings('XSS Proxy listening to ' + path);
-    app.get(path, corsSettings, function (req, res) {
-        debug.settings('originalUrl: ' + req.originalUrl);
-        var uri = req.query.uri;
-        if (!uri) {
-            return res
-                .status(400)
-                .send("Proxy has no uri param ");
-        }
-
-        debug.settings('Proxy destination URI: ' + uri);
-        request.get(uri).pipe(res);
-    });
+    app.get(
+        path,
+        cors({
+            methods: ['GET'],
+            exposedHeaders: 'User, Location, Link, Vary, Last-Modified, Content-Length',
+            credentials: true,
+            maxAge: 1728000,
+            origin: true
+        }),
+        function (req, res) {
+            debug.settings('originalUrl: ' + req.originalUrl);
+            var uri = req.query.uri;
+            if (!uri) {
+                return res
+                    .status(400)
+                    .send("Proxy has no uri param ");
+            }
+
+            debug.settings('Proxy destination URI: ' + uri);
+            request.get(uri).pipe(res);
+        });
 }
 
 function routes () {
diff --git a/test/params.js b/test/params.js
@@ -29,6 +29,9 @@ describe('LDNODE params', function () {
     it('should also work on /proxy/ ?uri', function(done) {
       nock('https://amazingwebsite.tld').get('/').reply(200);
       server.get('/proxy/?uri=https://amazingwebsite.tld/')
+        .expect(function (a) {
+          assert.equal(a.header['link'], null)
+        })
         .expect(200, done);
     });
 
