mockaton 7.2.0 → 7.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -2
- package/package.json +1 -1
- package/src/Mockaton.test.js +5 -5
- package/src/utils/http-cors.js +13 -13
- package/src/utils/http-cors.test.js +1 -1
package/README.md
CHANGED
|
@@ -271,8 +271,8 @@ Config.corsOrigins = ['*']
|
|
|
271
271
|
Config.corsMethods = ['GET', 'PUT', 'DELETE', 'POST', 'PATCH', 'HEAD', 'OPTIONS', 'TRACE', 'CONNECT']
|
|
272
272
|
Config.corsHeaders = ['content-type']
|
|
273
273
|
Config.corsCredentials = true
|
|
274
|
-
Config.corsMaxAge = 0
|
|
275
|
-
Config.corsExposedHeaders = []
|
|
274
|
+
Config.corsMaxAge = 0 // seconds to cache the preflight req
|
|
275
|
+
Config.corsExposedHeaders = [] // headers you need to access in client-side JS
|
|
276
276
|
```
|
|
277
277
|
|
|
278
278
|
## `Config.onReady`
|
package/package.json
CHANGED
package/src/Mockaton.test.js
CHANGED
|
@@ -11,7 +11,7 @@ import { mimeFor } from './utils/mime.js'
|
|
|
11
11
|
import { Mockaton } from './Mockaton.js'
|
|
12
12
|
import { Commander } from './Commander.js'
|
|
13
13
|
import { parseFilename } from './Filename.js'
|
|
14
|
-
import {
|
|
14
|
+
import { CorsHeader } from './utils/http-cors.js'
|
|
15
15
|
import { API, DEFAULT_500_COMMENT, DEFAULT_MOCK_COMMENT } from './ApiConstants.js'
|
|
16
16
|
|
|
17
17
|
|
|
@@ -444,13 +444,13 @@ async function testCorsAllowed() {
|
|
|
444
444
|
const res = await request('/does-not-matter', {
|
|
445
445
|
method: 'OPTIONS',
|
|
446
446
|
headers: {
|
|
447
|
-
[
|
|
448
|
-
[
|
|
447
|
+
[CorsHeader.Origin]: 'http://example.com',
|
|
448
|
+
[CorsHeader.AccessControlRequestMethod]: 'GET'
|
|
449
449
|
}
|
|
450
450
|
})
|
|
451
451
|
equal(res.status, 204)
|
|
452
|
-
equal(res.headers.get(
|
|
453
|
-
equal(res.headers.get(
|
|
452
|
+
equal(res.headers.get(CorsHeader.AccessControlAllowOrigin), 'http://example.com')
|
|
453
|
+
equal(res.headers.get(CorsHeader.AccessControlAllowMethods), 'GET')
|
|
454
454
|
})
|
|
455
455
|
}
|
|
456
456
|
|
package/src/utils/http-cors.js
CHANGED
|
@@ -2,7 +2,7 @@ import { StandardMethods } from './http-request.js'
|
|
|
2
2
|
|
|
3
3
|
// https://www.w3.org/TR/2020/SPSD-cors-20200602/#resource-processing-model
|
|
4
4
|
|
|
5
|
-
export const
|
|
5
|
+
export const CorsHeader = {
|
|
6
6
|
// request
|
|
7
7
|
Origin: 'origin',
|
|
8
8
|
AccessControlRequestMethod: 'access-control-request-method',
|
|
@@ -16,13 +16,13 @@ export const PreflightHeader = {
|
|
|
16
16
|
AccessControlExposeHeaders: 'Access-Control-Expose-Headers', // '*' | Comma delimited
|
|
17
17
|
AccessControlAllowCredentials: 'Access-Control-Allow-Credentials' // 'true'
|
|
18
18
|
}
|
|
19
|
-
const
|
|
19
|
+
const CH = CorsHeader
|
|
20
20
|
|
|
21
21
|
|
|
22
22
|
export function isPreflight(req) {
|
|
23
23
|
return req.method === 'OPTIONS'
|
|
24
|
-
&& URL.canParse(req.headers[
|
|
25
|
-
&& StandardMethods.includes(req.headers[
|
|
24
|
+
&& URL.canParse(req.headers[CH.Origin])
|
|
25
|
+
&& StandardMethods.includes(req.headers[CH.AccessControlRequestMethod])
|
|
26
26
|
}
|
|
27
27
|
|
|
28
28
|
|
|
@@ -34,16 +34,16 @@ export function setCorsHeaders(req, response, {
|
|
|
34
34
|
credentials = false,
|
|
35
35
|
maxAge = 0
|
|
36
36
|
}) {
|
|
37
|
-
const reqOrigin = req.headers[
|
|
37
|
+
const reqOrigin = req.headers[CH.Origin]
|
|
38
38
|
const hasWildcard = origins.some(ao => ao === '*')
|
|
39
39
|
if (!reqOrigin || (!hasWildcard && !origins.includes(reqOrigin)))
|
|
40
40
|
return
|
|
41
|
-
response.setHeader(
|
|
41
|
+
response.setHeader(CH.AccessControlAllowOrigin, reqOrigin) // Never '*', so no need to `Vary` it
|
|
42
42
|
|
|
43
43
|
if (credentials)
|
|
44
|
-
response.setHeader(
|
|
44
|
+
response.setHeader(CH.AccessControlAllowCredentials, 'true')
|
|
45
45
|
|
|
46
|
-
if (req.headers[
|
|
46
|
+
if (req.headers[CH.AccessControlRequestMethod])
|
|
47
47
|
setPreflightSpecificHeaders(req, response, methods, headers, maxAge)
|
|
48
48
|
else
|
|
49
49
|
setActualRequestHeaders(response, exposedHeaders)
|
|
@@ -51,20 +51,20 @@ export function setCorsHeaders(req, response, {
|
|
|
51
51
|
|
|
52
52
|
|
|
53
53
|
function setPreflightSpecificHeaders(req, response, methods, headers, maxAge) {
|
|
54
|
-
const methodAskingFor = req.headers[
|
|
54
|
+
const methodAskingFor = req.headers[CH.AccessControlRequestMethod]
|
|
55
55
|
if (!methods.includes(methodAskingFor))
|
|
56
56
|
return
|
|
57
57
|
|
|
58
|
-
response.setHeader(
|
|
58
|
+
response.setHeader(CH.AccessControlAllowMethods, methodAskingFor)
|
|
59
59
|
if (headers.length)
|
|
60
|
-
response.setHeader(
|
|
60
|
+
response.setHeader(CH.AccessControlAllowHeaders, headers.join(','))
|
|
61
61
|
|
|
62
|
-
response.setHeader(
|
|
62
|
+
response.setHeader(CH.AccessControlMaxAge, maxAge)
|
|
63
63
|
}
|
|
64
64
|
|
|
65
65
|
|
|
66
66
|
function setActualRequestHeaders(response, exposedHeaders) {
|
|
67
67
|
// Exposed means the client-side JavaScript can read them
|
|
68
68
|
if (exposedHeaders.length)
|
|
69
|
-
response.setHeader(
|
|
69
|
+
response.setHeader(CH.AccessControlExposeHeaders, exposedHeaders.join(','))
|
|
70
70
|
}
|
|
@@ -2,7 +2,7 @@ import { equal } from 'node:assert/strict'
|
|
|
2
2
|
import { promisify } from 'node:util'
|
|
3
3
|
import { createServer } from 'node:http'
|
|
4
4
|
import { describe, it, after } from 'node:test'
|
|
5
|
-
import { isPreflight, setCorsHeaders,
|
|
5
|
+
import { isPreflight, setCorsHeaders, CorsHeader as PH } from './http-cors.js'
|
|
6
6
|
|
|
7
7
|
|
|
8
8
|
function headerIs(response, header, value) {
|