Skip to content

Commit

Permalink
- Merged #5
Browse files Browse the repository at this point in the history
- Made `options.http.withCredentials` false by default
  • Loading branch information
JamesMessinger committed Dec 31, 2015
1 parent 6e32581 commit 415cfa2
Show file tree
Hide file tree
Showing 9 changed files with 735 additions and 598 deletions.
973 changes: 549 additions & 424 deletions dist/ref-parser.js

Large diffs are not rendered by default.

62 changes: 30 additions & 32 deletions dist/ref-parser.js.map

Large diffs are not rendered by default.

146 changes: 74 additions & 72 deletions dist/ref-parser.min.js

Large diffs are not rendered by default.

64 changes: 31 additions & 33 deletions dist/ref-parser.min.js.map

Large diffs are not rendered by default.

26 changes: 13 additions & 13 deletions docs/options.md
Original file line number Diff line number Diff line change
Expand Up @@ -21,16 +21,16 @@ $RefParser.dereference("my-schema.yaml", {
});
```

|Option |Type |Default |Description
|:----------------|:--------|:---------|:----------
|`allow.json` |bool |true |Determines whether JSON files are supported
|`allow.yaml` |bool |true |Determines whether YAML files are supported<br> (note: all JSON files are also valid YAML files)
|`allow.empty` |bool |true |Determines whether it's ok for a `$ref` pointer to point to an empty file
|`allow.unknown` |bool |true |Determines whether it's ok for a `$ref` pointer to point to an unknown/unsupported file type (such as HTML, text, image, etc.). The default is to resolve unknown files as a [`Buffer`](https://nodejs.org/api/buffer.html#buffer_class_buffer)
|`$refs.internal` |bool |true |Determines whether internal `$ref` pointers (such as `#/definitions/widget`) will be dereferenced when calling [`dereference()`](ref-parser.md#dereferenceschema-options-callback). Either way, you'll still be able to get the value using [`$Refs.get()`](refs.md#getref-options)
|`$refs.external` |bool |true |Determines whether external `$ref` pointers get resolved/dereferenced. If `false`, then no files/URLs will be retrieved. Use this if you only want to allow single-file schemas.
|`$refs.circular` |bool or "ignore" |true |Determines whether [circular `$ref` pointers](README.md#circular-refs) are allowed. If `false`, then a `ReferenceError` will be thrown if the schema contains a circular reference.<br><br> If set to `"ignore"`, then circular references will _not_ be dereferenced, even when calling [`dereference()`](ref-parser.md#dereferenceschema-options-callback). No error will be thrown, but the [`$Refs.circular`](refs.md#circular) property will still be set to `true`.
|`cache.fs` |number |60 |<a name="caching"></a>The length of time (in seconds) to cache local files. The default is one minute. Setting to zero will cache forever.
|`cache.http` |number |300 |The length of time (in seconds) to cache HTTP URLs. The default is five minutes. Setting to zero will cache forever.
|`cache.https` |number |300 |The length of time (in seconds) to cache HTTPS URLs. The default is five minutes. Setting to zero will cache forever.
|`http.withCredentials` |bool |true |When used in browser specifies `withCredentials` option of `XMLHttpRequest` object. Setting to `false` allows loading via CORS with `Access-Control-Allow-Origin` set to `*`
|Option |Type |Default |Description
|:---------------------|:--------|:---------|:----------
|`allow.json` |bool |true |Determines whether JSON files are supported
|`allow.yaml` |bool |true |Determines whether YAML files are supported<br> (note: all JSON files are also valid YAML files)
|`allow.empty` |bool |true |Determines whether it's ok for a `$ref` pointer to point to an empty file
|`allow.unknown` |bool |true |Determines whether it's ok for a `$ref` pointer to point to an unknown/unsupported file type (such as HTML, text, image, etc.). The default is to resolve unknown files as a [`Buffer`](https://nodejs.org/api/buffer.html#buffer_class_buffer)
|`$refs.internal` |bool |true |Determines whether internal `$ref` pointers (such as `#/definitions/widget`) will be dereferenced when calling [`dereference()`](ref-parser.md#dereferenceschema-options-callback). Either way, you'll still be able to get the value using [`$Refs.get()`](refs.md#getref-options)
|`$refs.external` |bool |true |Determines whether external `$ref` pointers get resolved/dereferenced. If `false`, then no files/URLs will be retrieved. Use this if you only want to allow single-file schemas.
|`$refs.circular` |bool or "ignore" |true |Determines whether [circular `$ref` pointers](README.md#circular-refs) are allowed. If `false`, then a `ReferenceError` will be thrown if the schema contains a circular reference.<br><br> If set to `"ignore"`, then circular references will _not_ be dereferenced, even when calling [`dereference()`](ref-parser.md#dereferenceschema-options-callback). No error will be thrown, but the [`$Refs.circular`](refs.md#circular) property will still be set to `true`.
|`cache.fs` |number |60 |<a name="caching"></a>The length of time (in seconds) to cache local files. The default is one minute. Setting to zero will cache forever.
|`cache.http` |number |300 |The length of time (in seconds) to cache HTTP URLs. The default is five minutes. Setting to zero will cache forever.
|`cache.https` |number |300 |The length of time (in seconds) to cache HTTPS URLs. The default is five minutes. Setting to zero will cache forever.
|`http.withCredentials`|bool |false |When used in browser specifies [`withCredentials`](https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/withCredentials) option of [`XMLHttpRequest`](https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest) object. Set this to `true` if you're downloading files from a CORS-enabled server that requries authentication
13 changes: 9 additions & 4 deletions lib/options.js
Original file line number Diff line number Diff line change
Expand Up @@ -92,11 +92,16 @@ function $RefParserOptions(options) {
https: 5 * 60 // 5 minutes
};

/* http options */
/**
* HTTP request options
*/
this.http = {
/* withCredentials option of XMLHttpRequest */
withCredentials: true
}
/**
* The `withCredentials` option of XMLHttpRequest.
* Set this to `true` if you're downloading files from a CORS-enabled server that requires authentication
*/
withCredentials: false
};

merge(options, this);
}
Expand Down
2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@
"upgrade": "ncu --upgradeAll && npm update && bower update",
"bump": "bump --prompt --grep lib/bundle.js dist/* --tag --push --all",
"release": "npm run upgrade && npm test && npm run bump && npm publish",
"start": "http-server -o -c-1"
"start": "npm run watch & http-server -o -c-1"
},
"repository": {
"type": "git",
Expand Down
4 changes: 2 additions & 2 deletions tests/index.html
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,8 @@
<script src="specs/circular-extended/circular-extended.dereferenced.js"></script>
<script src="specs/circular-extended/circular-extended.spec.js"></script>

<script src="specs/cors/cors.spec.js"></script>

<script src="specs/deep/deep.parsed.js"></script>
<script src="specs/deep/deep.dereferenced.js"></script>
<script src="specs/deep/deep.bundled.js"></script>
Expand Down Expand Up @@ -83,8 +85,6 @@
<script src="specs/callbacks.spec.js"></script>
<script src="specs/yaml.spec.js"></script>

<script src="specs/cors.spec.js"></script>

<script>
mocha.run();
</script>
Expand Down
43 changes: 26 additions & 17 deletions tests/specs/cors/cors.spec.js
Original file line number Diff line number Diff line change
@@ -1,21 +1,22 @@
'use strict';

describe('parse from CORS with Access-Control-Allow-Origin: *', function() {
var windowOnError, testDone;

beforeEach(function() {
windowOnError = global.onerror;
global.onerror = function() {
testDone();
return true;
}
});

afterEach(function() {
global.onerror = windowOnError;
describe('CORS support', function() {
it('should download successfully by default', function() {
// Swagger.io has CORS enabled, with "Access-Control-Allow-Origin" set to a wildcard ("*").
// This should work by-default.
var parser = new $RefParser();
return parser
.parse('http://petstore.swagger.io:80/v2/swagger.json')
.then(function(schema) {
expect(schema).to.be.an('object');
expect(schema).not.to.be.empty;
expect(parser.schema).to.equal(schema);
});
});

it('should parse successfully with http.withCredentials = false', function() {
it('should download successfully with http.withCredentials = false (default)', function() {
// Swagger.io has CORS enabled, with "Access-Control-Allow-Origin" set to a wildcard ("*").
// So, withCredentials MUST be false (this is the default, but we're testing it explicitly here)
var parser = new $RefParser();
return parser
.parse('http://petstore.swagger.io:80/v2/swagger.json', {
Expand All @@ -29,8 +30,14 @@ describe('parse from CORS with Access-Control-Allow-Origin: *', function() {
});

if (userAgent.isBrowser) {
it('should throw error in browser if http.withCredentials = true (default)', function(done) {
testDone = done;
it('should throw error in browser if http.withCredentials = true', function() {
// Some old Webkit browsers throw a global error
var oldOnError = global.onerror;
global.onerror = function() {
global.onerror = oldOnError; // restore the original error handler (failsafe)
return true; // ignore the error
};

var parser = new $RefParser();
return parser
.parse('http://petstore.swagger.io:80/v2/swagger.json', {
Expand All @@ -39,7 +46,9 @@ describe('parse from CORS with Access-Control-Allow-Origin: *', function() {
.then(helper.shouldNotGetCalled)
.catch(function(err) {
expect(err.message).to.contain('Error downloading file');
done();

// Restore the original error handler
global.onerror = oldOnError;
});
});
}
Expand Down

0 comments on commit 415cfa2

Please sign in to comment.