feat: Add support for "Private Network Access" (#83)

closes #81
koajs · Mar 29, 2022 · c279fc3 · c279fc3
1 parent 97d9220
commit c279fc3
Show file tree

Hide file tree

Showing 2 changed files with 94 additions and 0 deletions.
diff --git a/index.js b/index.js
@@ -14,6 +14,7 @@ const vary = require('vary');
  *  - {Boolean|Function(ctx)} credentials `Access-Control-Allow-Credentials`
  *  - {Boolean} keepHeadersOnError Add set headers to `err.header` if an error is thrown
  *  - {Boolean} secureContext `Cross-Origin-Opener-Policy` & `Cross-Origin-Embedder-Policy` headers.', default is false
+ *  - {Boolean} privateNetworkAccess handle `Access-Control-Request-Private-Network` request by return `Access-Control-Allow-Private-Network`, default to false
  *    @see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/SharedArrayBuffer/Planned_changes
  * @return {Function} cors middleware
  * @public
@@ -137,6 +138,10 @@ module.exports = function(options) {
         ctx.set('Access-Control-Max-Age', options.maxAge);
       }
 
+      if (options.privateNetworkAccess && ctx.get('Access-Control-Request-Private-Network')) {
+        ctx.set('Access-Control-Allow-Private-Network', 'true');
+      }
+
       if (options.allowMethods) {
         ctx.set('Access-Control-Allow-Methods', options.allowMethods);
       }

diff --git a/test/cors.test.js b/test/cors.test.js
@@ -698,4 +698,93 @@ describe('cors.test.js', function() {
         .expect(500, done);
     });
   });
+
+  describe('options.privateNetworkAccess=false', function() {
+    const app = new Koa();
+    app.use(cors({
+      privateNetworkAccess: false,
+    }));
+
+    app.use(function(ctx) {
+      ctx.body = { foo: 'bar' };
+    });
+
+    it('should not set `Access-Control-Allow-Private-Network` on not OPTIONS', function(done) {
+      request(app.listen())
+        .get('/')
+        .set('Origin', 'http://koajs.com')
+        .set('Access-Control-Request-Method', 'PUT')
+        .expect(res => {
+          assert(!('Access-Control-Allow-Private-Network' in res.headers));
+        })
+        .expect(200, done);
+    });
+
+    it('should not set `Access-Control-Allow-Private-Network` if `Access-Control-Request-Private-Network` not exist on OPTIONS', function(done) {
+      request(app.listen())
+        .options('/')
+        .set('Origin', 'http://koajs.com')
+        .set('Access-Control-Request-Method', 'PUT')
+        .expect(res => {
+          assert(!('Access-Control-Allow-Private-Network' in res.headers));
+        })
+        .expect(204, done);
+    });
+
+    it('should not set `Access-Control-Allow-Private-Network` if `Access-Control-Request-Private-Network` exist on OPTIONS', function(done) {
+      request(app.listen())
+        .options('/')
+        .set('Origin', 'http://koajs.com')
+        .set('Access-Control-Request-Method', 'PUT')
+        .set('Access-Control-Request-Private-Network', 'true')
+        .expect(res => {
+          assert(!('Access-Control-Allow-Private-Network' in res.headers));
+        })
+        .expect(204, done);
+    });
+  });
+
+  describe('options.privateNetworkAccess=true', function() {
+    const app = new Koa();
+    app.use(cors({
+      privateNetworkAccess: true,
+    }));
+
+    app.use(function(ctx) {
+      ctx.body = { foo: 'bar' };
+    });
+
+    it('should not set `Access-Control-Allow-Private-Network` on not OPTIONS', function(done) {
+      request(app.listen())
+        .get('/')
+        .set('Origin', 'http://koajs.com')
+        .set('Access-Control-Request-Method', 'PUT')
+        .expect(res => {
+          assert(!('Access-Control-Allow-Private-Network' in res.headers));
+        })
+        .expect(200, done);
+    });
+
+    it('should not set `Access-Control-Allow-Private-Network` if `Access-Control-Request-Private-Network` not exist on OPTIONS', function(done) {
+      request(app.listen())
+        .options('/')
+        .set('Origin', 'http://koajs.com')
+        .set('Access-Control-Request-Method', 'PUT')
+        .expect(res => {
+          assert(!('Access-Control-Allow-Private-Network' in res.headers));
+        })
+        .expect(204, done);
+    });
+
+    it('should always set `Access-Control-Allow-Private-Network` if `Access-Control-Request-Private-Network` exist on OPTIONS', function(done) {
+      request(app.listen())
+        .options('/')
+        .set('Origin', 'http://koajs.com')
+        .set('Access-Control-Request-Method', 'PUT')
+        .set('Access-Control-Request-Private-Network', 'true')
+        .expect('Access-Control-Allow-Private-Network', 'true')
+        .expect(204, done);
+    });
+  });
+
 });