Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add CORS headers #86

Merged
merged 2 commits into from
Jul 27, 2016
Merged

Add CORS headers #86

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
93e2619
add CORS headers
calebmer Jul 15, 2016
f7fc4a1
add tests
calebmer Jul 15, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 32 additions & 0 deletions src/createServer.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,9 +31,41 @@ const createServer = ({
}) => {
const server = new Express()

server.disable('x-powered-by')

if (log) server.use(logger(development ? 'dev' : 'common'))
server.use(favicon(path.join(__dirname, '../assets/favicon.ico')))

// Enabels CORS. See [this][1] flowchart for an explanation of how CORS
// works. Note that these headers are set for all requests, CORS algorithms
// normally run a preflight request using the `OPTIONS` method to get these
// headers.
//
// [1]: http://www.html5rocks.com/static/images/cors_server_flowchart.png
server.use((req, res, next) => {
res.header('Access-Control-Allow-Origin', '*')
res.header('Access-Control-Request-Method', 'GET, POST')
res.header('Access-Control-Allow-Headers', [
'Origin',
'X-Requested-With',
// Used by `express-graphql` to determine whether to expose the GraphiQL
// interface (`text/html`) or not.
'Accept',
// Used by PostGraphQL for auth purposes.
'Authorization',
// The `Content-*` headers are used when making requests with a body,
// like in a POST request.
'Content-Type',
'Content-Length',
].join(', '))
next()
})

// Don’t execute our GraphQL stuffs for options requests.
server.options('/*', (req, res) => {
res.sendStatus(200)
})

server.all(route, graphqlHTTP(async req => {
// Acquire a new client for every request.
const client = await pg.connectAsync(pgConfig)
Expand Down
30 changes: 30 additions & 0 deletions tests/createServer.test.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -313,4 +313,34 @@ describe('createServer', () => {
.expect({ claim: null })
)
})

it('will respond with CORS headers to an OPTIONS request', async () => {
const server = testCreateServer()
await (
request(server)
.options('/')
.expect(200)
.expect('Access-Control-Allow-Origin', '*')
.expect('Access-Control-Request-Method', 'GET, POST')
.expect('Access-Control-Allow-Headers', /Accept, Authorization/)
)
})

it('will respond to any request with CORS headers', async () => {
const server = testCreateServer()
await (
request(server)
.get('/')
.expect('Access-Control-Allow-Origin', '*')
.expect('Access-Control-Request-Method', 'GET, POST')
.expect('Access-Control-Allow-Headers', /Accept, Authorization/)
)
await (
request(server)
.post('/')
.expect('Access-Control-Allow-Origin', '*')
.expect('Access-Control-Request-Method', 'GET, POST')
.expect('Access-Control-Allow-Headers', /Accept, Authorization/)
)
})
})