Skip to content

Commit

Permalink
fix: must specify an origin value instead of "*" wildcard (#85)
Browse files Browse the repository at this point in the history
  • Loading branch information
TyrealHu and TyrealHu authored Aug 19, 2022
1 parent 241a542 commit 1205356
Show file tree
Hide file tree
Showing 3 changed files with 48 additions and 0 deletions.
2 changes: 2 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@
*.out
*.pid
*.gz
.idea
.DS_Store

pids
logs
Expand Down
4 changes: 4 additions & 0 deletions index.js
Original file line number Diff line number Diff line change
Expand Up @@ -75,6 +75,10 @@ module.exports = function(options) {
credentials = !!options.credentials;
}

if (credentials && origin === '*') {

This comment has been minimized.

Copy link
@fengmk2

fengmk2 Aug 22, 2022

Member

should detect options.origin

This comment has been minimized.

Copy link
@fengmk2

fengmk2 Aug 22, 2022

Member

rollback latest to @koa/[email protected]

This comment has been minimized.

Copy link
@fengmk2

fengmk2 Aug 22, 2022

Member

latest: @koa/[email protected] again

origin = requestOrigin;
}

const headersSet = {};

function set(key, value) {
Expand Down
42 changes: 42 additions & 0 deletions test/cors.test.js
Original file line number Diff line number Diff line change
Expand Up @@ -889,4 +889,46 @@ describe('cors.test.js', function() {
});
});

describe('options.origin=*, and options.credentials=true', function() {
const app = new Koa();
app.use(cors({
origin: '*',
credentials: true,
}));

app.use(function(ctx) {
ctx.body = { foo: 'bar' };
});

it('Access-Control-Allow-Origin should be request.origin, and Access-Control-Allow-Credentials should be true', function(done) {
request(app.listen())
.get('/')
.set('Origin', 'http://koajs.com')
.expect('Access-Control-Allow-Credentials', 'true')
.expect('Access-Control-Allow-Origin', 'http://koajs.com')
.expect({ foo: 'bar' })
.expect(200, done);
});
});

describe('options.origin=*, and options.credentials=false', function() {
const app = new Koa();
app.use(cors({
origin: '*',
credentials: false,
}));

app.use(function(ctx) {
ctx.body = { foo: 'bar' };
});

it('Access-Control-Allow-Origin should be *', function(done) {
request(app.listen())
.get('/')
.set('Origin', 'http://koajs.com')
.expect('Access-Control-Allow-Origin', '*')
.expect({ foo: 'bar' })
.expect(200, done);
});
});
});

0 comments on commit 1205356

Please sign in to comment.