Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Keep headers after an error #11

Merged
merged 1 commit into from
Apr 26, 2016
Merged

Keep headers after an error #11

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,7 @@ app.use(cors());
* - {String|Array} allowHeaders `Access-Control-Allow-Headers`
* - {String|Number} maxAge `Access-Control-Max-Age` in seconds
* - {Boolean} credentials `Access-Control-Allow-Credentials`
* - {Boolean} keepHeadersOnError Add set headers to `err.header` if an error is thrown
* @return {Function}
* @api public
*/
Expand Down
48 changes: 38 additions & 10 deletions index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ var copy = require('copy-to');
* - {String|Array} allowHeaders `Access-Control-Allow-Headers`
* - {String|Number} maxAge `Access-Control-Max-Age` in seconds
* - {Boolean} credentials `Access-Control-Allow-Credentials`
* - {Boolean} keepHeadersOnError Add set headers to `err.header` if an error is thrown
* @return {Function}
* @api public
*/
Expand Down Expand Up @@ -49,6 +50,8 @@ module.exports = function (options) {

options.credentials = !!options.credentials;

options.keepHeadersOnError = options.keepHeadersOnError === undefined || !!options.keepHeadersOnError;

return function* cors(next) {
// If the Origin header is not present terminate this set of steps. The request is outside the scope of this specification.
var requestOrigin = this.get('Origin');
Expand All @@ -70,20 +73,25 @@ module.exports = function (options) {
origin = options.origin || requestOrigin;
}

var headersSet = {};

function set(self, key, value) {
self.set(key, value);
headersSet[key] = value;
}

if (this.method !== 'OPTIONS') {
// Simple Cross-Origin Request, Actual Request, and Redirects

this.set('Access-Control-Allow-Origin', origin);
set(this, 'Access-Control-Allow-Origin', origin);

if (options.credentials === true) {
this.set('Access-Control-Allow-Credentials', 'true');
set(this, 'Access-Control-Allow-Credentials', 'true');
}

if (options.exposeHeaders) {
this.set('Access-Control-Expose-Headers', options.exposeHeaders);
set(this, 'Access-Control-Expose-Headers', options.exposeHeaders);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

on Preflight Request, there is won't throw any error on old code logic https://github.com/koajs/cors/blob/master/index.js#L88.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh yeah I guess it won't have set any headers. Reverting.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed, that should simplify the diff quite a bit.

}

yield next;
} else {
// Preflight Request

Expand All @@ -95,29 +103,49 @@ module.exports = function (options) {
return yield next;
}

this.set('Access-Control-Allow-Origin', origin);
set(this, 'Access-Control-Allow-Origin', origin);

if (options.credentials === true) {
this.set('Access-Control-Allow-Credentials', 'true');
set(this, 'Access-Control-Allow-Credentials', 'true');
}

if (options.maxAge) {
this.set('Access-Control-Max-Age', options.maxAge);
set(this, 'Access-Control-Max-Age', options.maxAge);
}

if (options.allowMethods) {
this.set('Access-Control-Allow-Methods', options.allowMethods);
set(this, 'Access-Control-Allow-Methods', options.allowMethods);
}

var allowHeaders = options.allowHeaders;
if (!allowHeaders) {
allowHeaders = this.get('Access-Control-Request-Headers');
}
if (allowHeaders) {
this.set('Access-Control-Allow-Headers', allowHeaders);
set(this, 'Access-Control-Allow-Headers', allowHeaders);
}

this.status = 204;
}

if (options.keepHeadersOnError) {
try {
yield next;
} catch (err) {
err.headers = err.headers || {};
if (Object.assign) {
Object.assign(err.headers, headersSet);
} else {
for (var key in headersSet) {
if (headersSet.hasOwnProperty(key)) {
err.headers[key] = headersSet[key];
}
}
}
throw err;
}
} else {
yield next;
}
};
};
64 changes: 64 additions & 0 deletions test/cors.test.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -360,4 +360,68 @@ describe('cors.test.js', function () {
.expect(204, done);
});
});

describe('options.headersKeptOnError', function () {
it('should keep CORS headers after an error', function (done) {
var app = koa();
app.use(cors());
app.use(function* () {
this.body = {foo: 'bar'};
throw new Error('Whoops!');
});

request(app.listen())
.get('/')
.set('Origin', 'http://koajs.com')
.expect('Access-Control-Allow-Origin', 'http://koajs.com')
.expect(/Error/)
.expect(500, done);
});

it('should not keep unrelated headers', function (done) {
var app = koa();
app.use(cors());
app.use(function* () {
this.body = {foo: 'bar'};
this.set('X-Example', 'Value');
throw new Error('Whoops!');
});

request(app.listen())
.get('/')
.set('Origin', 'http://koajs.com')
.expect('Access-Control-Allow-Origin', 'http://koajs.com')
.expect(/Error/)
.expect(500, function (err, res) {
if (err) {
return done(err);
}
assert(!res.headers['x-example']);
done();
});
});

it('should not keep CORS headers after an error if keepHeadersOnError is false', function (done) {
var app = koa();
app.use(cors({
keepHeadersOnError: false
}));
app.use(function* () {
this.body = {foo: 'bar'};
throw new Error('Whoops!');
});

request(app.listen())
.get('/')
.set('Origin', 'http://koajs.com')
.expect(/Error/)
.expect(500, function (err, res) {
if (err) {
return done(err);
}
assert(!res.headers['access-control-allow-origin']);
done();
});
});
});
});