From ef937f3fc3897098cd1227d4c2d061c572298c17 Mon Sep 17 00:00:00 2001 From: Steve Ripberger Date: Thu, 8 Aug 2019 14:19:45 -0400 Subject: [PATCH 1/4] Indlude access control headers on non-preflight OPTIONS requests --- index.js | 11 +---------- test/cors.test.js | 1 + 2 files changed, 2 insertions(+), 10 deletions(-) diff --git a/index.js b/index.js index 9452af8..ec628c4 100644 --- a/index.js +++ b/index.js @@ -69,7 +69,7 @@ module.exports = function(options) { headersSet[key] = value; } - if (ctx.method !== 'OPTIONS') { + if (ctx.method !== 'OPTIONS' || !ctx.get('Access-Control-Request-Method')) { // Simple Cross-Origin Request, Actual Request, and Redirects set('Access-Control-Allow-Origin', origin); @@ -97,15 +97,6 @@ module.exports = function(options) { } } else { // Preflight Request - - // If there is no Access-Control-Request-Method header or if parsing failed, - // do not set any additional headers and terminate this set of steps. - // The request is outside the scope of this specification. - if (!ctx.get('Access-Control-Request-Method')) { - // this not preflight request, ignore it - return await next(); - } - ctx.set('Access-Control-Allow-Origin', origin); if (options.credentials === true) { diff --git a/test/cors.test.js b/test/cors.test.js index 2bd05d4..ba8c100 100644 --- a/test/cors.test.js +++ b/test/cors.test.js @@ -47,6 +47,7 @@ describe('cors.test.js', function() { request(app.listen()) .options('/') .set('Origin', 'http://koajs.com') + .expect('Access-Control-Allow-Origin', 'http://koajs.com') .expect(200, done); }); From e3735d8d2d79d64f59e4932b96adfc2ed0a3f57c Mon Sep 17 00:00:00 2001 From: Steve Ripberger Date: Thu, 8 Aug 2019 14:30:13 -0400 Subject: [PATCH 2/4] Remove unnecessary awaits --- index.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.js b/index.js index ec628c4..35c4839 100644 --- a/index.js +++ b/index.js @@ -51,7 +51,7 @@ module.exports = function(options) { // https://github.com/rs/cors/issues/10 ctx.vary('Origin'); - if (!requestOrigin) return await next(); + if (!requestOrigin) await next(); let origin; if (typeof options.origin === 'function') { From 5e89c1af6b2e60981c47e8580adbc0e8d3b82fd4 Mon Sep 17 00:00:00 2001 From: Steve Ripberger Date: Thu, 8 Aug 2019 15:03:20 -0400 Subject: [PATCH 3/4] Accidentally removed a return instead of an await --- index.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.js b/index.js index 35c4839..47bcdf5 100644 --- a/index.js +++ b/index.js @@ -51,7 +51,7 @@ module.exports = function(options) { // https://github.com/rs/cors/issues/10 ctx.vary('Origin'); - if (!requestOrigin) await next(); + if (!requestOrigin) return next(); let origin; if (typeof options.origin === 'function') { From b1a2ae951b21d205811ed8613291b87e544113e5 Mon Sep 17 00:00:00 2001 From: Steve Ripberger Date: Thu, 8 Aug 2019 15:06:58 -0400 Subject: [PATCH 4/4] Remove more awaits --- index.js | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/index.js b/index.js index 47bcdf5..d61043c 100644 --- a/index.js +++ b/index.js @@ -57,7 +57,7 @@ module.exports = function(options) { if (typeof options.origin === 'function') { origin = options.origin(ctx); if (origin instanceof Promise) origin = await origin; - if (!origin) return await next(); + if (!origin) return next(); } else { origin = options.origin || requestOrigin; } @@ -81,9 +81,8 @@ module.exports = function(options) { set('Access-Control-Expose-Headers', options.exposeHeaders); } - if (!options.keepHeadersOnError) { - return await next(); - } + if (!options.keepHeadersOnError) return next(); + try { return await next(); } catch (err) {