Handle the case where the access-control-request-header is not provided
justinmchase committed Nov 29, 2018
1 parent 02389b9 commit 597f29e
Showing 2 changed files with 35 additions and 3 deletions.
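--- a/lib/cors.js
+++ b/lib/cors.js
@@ -86,9 +86,10 @@ module.exports = function cors(config) {
 return res.status(403).send(template);
 }
 
-const requestHeaders = (
-req.get("access-control-request-headers") || ""
-).split(",");
+const requestHeaders = (req.get("access-control-request-headers") || "")
+.split(",")
+.filter(h => h);
+
 const allowedHeaders = matchedRule
 ? requestHeaders
 .map(header => header.trim().toLowerCase())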
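Review bot: The new `.filter(h => h)` runs before the `.map(header => header.trim().toLowerCase())` a few lines below, so a whitespace-only token (from a trailing `, ` or a value like `a, ,b` in `Access-Control-Request-Headers`) passes the filter and only becomes an empty string after trimming. Because this list is parsed straight from the request, trim first and then drop the empties: `.split(",").map(h => h.trim()).filter(h => h);`. The rest of the `allowedHeaders` expression lies outside the hunk, so how an empty entry is matched against the rule is not visible here. It is worth confirming that it can neither reject a valid preflight nor put an empty name into the response header.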
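--- a/test/test.js
+++ b/test/test.js
@@ -1302,6 +1302,37 @@ describe("S3rver CORS Policy Tests", function() {
 expect(error).to.exist;
 }
 });
+
+it("should respond correctly to OPTIONS requests that dont specify access-control-request-headers", function*() {
+const origin = "http://a-test.example.com";
+const params = { Bucket: bucket, Key: "image" };
+const url = s3Client.getSignedUrl("getObject", params);
+let server;
+yield thunkToPromise(done => {
+server = new S3rver({
+port: 4569,
+silent: true,
+cors: fs.readFileSync("./test/resources/cors_test1.xml")
+}).run(done);
+});
+let error;
+try {
+yield request({
+method: "OPTIONS",
+url,
+headers: {
+origin,
+"Access-Control-Request-Method": "GET",
+// No Access-Control-Request-Headers specified...
+}
+});
+} catch (err) {
+error = err;
+} finally {
+yield thunkToPromise(done => server.close(done));
+expect(error).to.not.exist;
+}
+})
 });
 
 describe("S3rver Tests with Static Web Hosting", function() {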
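Review bot: The new test asserts only that the OPTIONS request does not throw (`expect(error).to.not.exist`), so it would still pass if the preflight succeeded with wrong or missing CORS response headers. Keep the response and assert on it too, for example `expect(res.headers).to.have.property("access-control-allow-origin");`, assuming the `request` helper used here can return the full response. The assertion also sits inside `finally` after `server.close`, so a failure while closing the server would surface instead of the request error. Moving the `expect` after the `try`/`finally` keeps the two apart.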
