Skip to content

Commit

Permalink
fix: Calling all options even if origin header is not present (#87)
Browse files Browse the repository at this point in the history
As Origin header is not set in all fetch. I understand that we need to be able to validade, even if the origin is not present. We are still following https://fetch.spec.whatwg.org/#http-origin but grating headers to be added to response on user needs

Fix #18
  • Loading branch information
CleberRossi authored and fengmk2 committed Oct 8, 2022
1 parent b49b085 commit 7358ab3
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 2 deletions.
2 changes: 0 additions & 2 deletions index.js
Original file line number Diff line number Diff line change
Expand Up @@ -58,8 +58,6 @@ module.exports = function(options) {
// https://github.com/rs/cors/issues/10
ctx.vary('Origin');

if (!requestOrigin) return await next();

let origin;
if (typeof options.origin === 'function') {
origin = await options.origin(ctx);
Expand Down
8 changes: 8 additions & 0 deletions test/cors.test.js
Original file line number Diff line number Diff line change
Expand Up @@ -77,6 +77,14 @@ describe('cors.test.js', function() {
.expect({ foo: 'bar' })
.expect(200, done);
});

it('should always set `Access-Control-Allow-Origin` to *, even if no Origin is passed on request', function(done) {
request(app.listen())
.get('/')
.expect('Access-Control-Allow-Origin', '*')
.expect({ foo: 'bar' })
.expect(200, done);
});
});

describe('options.secureContext=true', function() {
Expand Down

1 comment on commit 7358ab3

@julienw
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hey!
I don't fully understand the implications for this change. The issue isn't very clear about the motivations for this.
Can you please elaborate a bit more?
Thanks!

Please sign in to comment.