Skip to content

Commit

Permalink
fix: return Access-Control-Allow-Headers=* for OPTIONS requests with …
Browse files Browse the repository at this point in the history 
…no Access-Control-Request-Headers

Closes: pact-foundation/pact-js#195
  • Loading branch information
@bethesque
bethesque committed Jul 4, 2018
1 parent db72b4d commit 855fd83
Show file tree
Hide file tree
Showing 2 changed files with 74 additions and 7 deletions.
26 changes: 19 additions & 7 deletions lib/pact/mock_service/request_handlers/options.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,32 +7,44 @@ class Options < BaseRequestHandler

attr_reader :name, :logger, :cors_enabled

HTTP_ACCESS_CONTROL_REQUEST_METHOD = "HTTP_ACCESS_CONTROL_REQUEST_METHOD".freeze
HTTP_ACCESS_CONTROL_REQUEST_HEADERS = "HTTP_ACCESS_CONTROL_REQUEST_HEADERS".freeze
ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin".freeze
ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods".freeze
ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers".freeze
HTTP_ORIGIN = "HTTP_ORIGIN".freeze
ALL_METHODS = "DELETE, POST, GET, HEAD, PUT, TRACE, CONNECT, PATCH".freeze
REQUEST_METHOD = "REQUEST_METHOD".freeze
OPTIONS = "OPTIONS".freeze
X_PACT_MOCK_SERVICE_REGEXP = /x-pact-mock-service/i

def initialize name, logger, cors_enabled
@name = name
@logger = logger
@cors_enabled = cors_enabled
end

def match? env
is_options_request?(env) && (cors_enabled || is_administration_request?(env))
is_options_request?(env) && (cors_enabled || is_administration_request?(env))
end

def respond env
cors_headers = {
'Access-Control-Allow-Origin' => env.fetch('HTTP_ORIGIN','*'),
'Access-Control-Allow-Headers' => headers_from(env)["Access-Control-Request-Headers"],
'Access-Control-Allow-Methods' => 'DELETE, POST, GET, HEAD, PUT, TRACE, CONNECT, PATCH'
ACCESS_CONTROL_ALLOW_ORIGIN => env.fetch(HTTP_ORIGIN,'*'),
ACCESS_CONTROL_ALLOW_HEADERS => env.fetch(HTTP_ACCESS_CONTROL_REQUEST_HEADERS, '*'),
ACCESS_CONTROL_ALLOW_METHODS => ALL_METHODS
}
logger.info "Received OPTIONS request for mock service administration endpoint #{env['HTTP_ACCESS_CONTROL_REQUEST_METHOD']} #{env['PATH_INFO']}. Returning CORS headers: #{cors_headers.to_json}."

logger.info "Received OPTIONS request for mock service administration endpoint #{env[HTTP_ACCESS_CONTROL_REQUEST_METHOD]} #{env['PATH_INFO']}. Returning CORS headers: #{cors_headers}."
[200, cors_headers, []]
end

def is_options_request? env
env['REQUEST_METHOD'] == 'OPTIONS'
env[REQUEST_METHOD] == OPTIONS
end

def is_administration_request? env
(env["HTTP_ACCESS_CONTROL_REQUEST_HEADERS"] || '').match(/x-pact-mock-service/i)
(env[HTTP_ACCESS_CONTROL_REQUEST_HEADERS] || '').match(X_PACT_MOCK_SERVICE_REGEXP)
end
end
end
Expand Down
55 changes: 55 additions & 0 deletions spec/lib/pact/mock_service/request_handlers/options_spec.rb
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
require 'pact/mock_service/request_handlers/options'

module Pact
module MockService
module RequestHandlers
describe Options do
subject { }

let(:logger) { Logger.new(StringIO.new) }
let(:cors_enabled) { true }

describe "respond" do
let(:response) { Options.new('provider', logger, cors_enabled).respond(env) }

describe "response headers" do
let(:env) do
{
'HTTP_ORIGIN' => 'foo.com',
'HTTP_ACCESS_CONTROL_REQUEST_HEADERS' => 'foo'
}
end

subject { response[1] }

it { is_expected.to include 'Access-Control-Allow-Methods' => 'DELETE, POST, GET, HEAD, PUT, TRACE, CONNECT, PATCH' }

context "with Origin" do
it { is_expected.to include 'Access-Control-Allow-Origin' => 'foo.com' }
end

context "with no Origin" do
let(:env) { {} }

it { is_expected.to include 'Access-Control-Allow-Origin' => '*' }
end

context "with no Access-Control-Request-Headers" do
it { is_expected.to_not include 'Access-Control-Allow-Headers' => '*' }
end

context "with Access-Control-Request-Headers" do
it { is_expected.to include 'Access-Control-Allow-Headers' => 'foo' }
end

context "with no Access-Control-Request-Headers" do
let(:env) { {} }

it { is_expected.to include 'Access-Control-Allow-Headers' => '*' }
end
end
end
end
end
end
end

0 comments on commit 855fd83

Please sign in to comment.