зеркало из https://github.com/mozilla/makedrive.git
Fix Issues #136 - Access-Control-Allow-Origin
Родитель
0380cbb0d8
Коммит
73d9999fab
|
@ -1,5 +1,5 @@
|
|||
env:
|
||||
- "PORT=9090 ALLOWED_CORS_DOMAINS=\"http://localhost:5001\" NODE_ENV=\"development\" ENABLE_GELF_LOGS=false SESSION_SECRET=\"secret value\" FORCE_SSL=false LOGIN_SERVER_URL_WITH_AUTH=\"http://localhost:3000\""
|
||||
- "PORT=9090 ALLOWED_CORS_DOMAINS=\"http://localhost:7777\" NODE_ENV=\"development\" ENABLE_GELF_LOGS=false SESSION_SECRET=\"secret value\" FORCE_SSL=false LOGIN_SERVER_URL_WITH_AUTH=\"http://localhost:3000\""
|
||||
language: node_js
|
||||
node_js:
|
||||
- "0.10"
|
||||
|
|
4
env.dist
4
env.dist
|
@ -8,8 +8,8 @@ export NODE_ENV="development"
|
|||
export PORT=9090
|
||||
|
||||
# Allowed CORS domains
|
||||
# Use comma for more domains e.g. http://localhost:5001,http://localhost:7777
|
||||
export ALLOWED_CORS_DOMAINS="http://localhost:5001"
|
||||
# Add domains that we allow (e.g., for /api/sync route)
|
||||
export ALLOWED_CORS_DOMAINS='["http://localhost:7777", "http://localhost:5001"]'
|
||||
|
||||
# AWS-S3 information
|
||||
export S3_BUCKET="org.webmadecontent.staging.makedrive"
|
||||
|
|
|
@ -31,6 +31,7 @@ if ( env.get( "ENABLE_GELF_LOGS" ) ) {
|
|||
|
||||
// General middleware
|
||||
app.disable( "x-powered-by" );
|
||||
app.use( middleware.crossOriginHandler );
|
||||
app.use( helmet.contentTypeOptions() );
|
||||
app.use( helmet.hsts() );
|
||||
app.enable( "trust proxy" );
|
||||
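Review bot: `app.use( middleware.crossOriginHandler )` is mounted with no path, so the credentialed CORS headers are evaluated for every route in the app, while the env.dist comment in this commit describes the allow-list as being for routes such as `/api/sync`. If only that route needs cross-origin access, mounting the handler there keeps the other session-backed routes same-origin only: `app.use( "/api/sync", middleware.crossOriginHandler );`. That this is the added line is inferred from the commit subject and the hunk's 6/7 line counts, because the page lost its +/- markers.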
|
|
|
@ -29,8 +29,11 @@ module.exports = {
|
|||
},
|
||||
|
||||
crossOriginHandler: function( req, res, next ) {
|
||||
res.header( "Access-Control-Allow-Origin", env.get("ALLOWED_CORS_DOMAINS") );
|
||||
res.header( "Access-Control-Allow-Credentials", true );
|
||||
if (env.get("ALLOWED_CORS_DOMAINS").indexOf(req.headers.origin) > -1) {
|
||||
res.header('Access-Control-Allow-Origin', req.headers.origin);
|
||||
res.header('Access-Control-Allow-Credentials', true);
|
||||
}
|
||||
|
||||
next();
|
||||
},
|
||||
|
||||
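Review bot: The membership test in `crossOriginHandler` calls `indexOf` on whatever `env.get("ALLOWED_CORS_DOMAINS")` returns, and env.dist in this same commit sets that variable to a JSON-array string. If the value reaches the handler as a string (the environment module's parsing is not visible here), `indexOf` is a substring test rather than an exact match, so an `Origin` that is only a fragment of an allowed entry would be echoed back together with `Access-Control-Allow-Credentials: true`. The handler should compare against a real array with exact matching and send no CORS headers otherwise. Because the header now depends on the request, the response also needs `Vary: Origin` so a shared cache does not replay one origin's answer to another. Which lines are on the new side is inferred from the hunk's 8/11 line counts, since the +/- markers are missing.

```javascript
crossOriginHandler: function( req, res, next ) {
  var allowed = env.get("ALLOWED_CORS_DOMAINS");
  var origin = req.headers.origin;

  // Exact match against a list only; on a string, indexOf would be a substring test.
  if (origin && Array.isArray(allowed) && allowed.indexOf(origin) > -1) {
    res.header('Access-Control-Allow-Origin', origin);
    res.header('Access-Control-Allow-Credentials', true);
  }
  // The response differs per Origin, so caches must key on it.
  res.header('Vary', 'Origin');

  next();
},
```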
|
|
|
@ -1,13 +1,15 @@
|
|||
var expect = require('chai').expect;
|
||||
var request = require('request');
|
||||
var util = require('../lib/util');
|
||||
// Ensure the client timeout restricts tests to a reasonable length
|
||||
var env = require('../../server/lib/environment');
|
||||
var ALLOW_DOMAINS = process.env.ALLOWED_CORS_DOMAINS || env.get("ALLOWED_CORS_DOMAINS");
|
||||
env.set('ALLOWED_CORS_DOMAINS', 'http://localhost:9090');
|
||||
var ALLOW_DOMAINS = process.env.ALLOWED_CORS_DOMAINS;
|
||||
|
||||
describe('[HTTP route tests]', function() {
|
||||
it('should allow CORS access to /api/sync route', function(done) {
|
||||
request.get('http://localhost:9090/api/sync', function(req, res, body) {
|
||||
expect(res.headers['access-control-allow-origin']).to.be.eql(ALLOW_DOMAINS);
|
||||
request.get('http://localhost:9090/api/sync', { headers: {origin: ALLOW_DOMAINS }}, function(req, res, body) {
|
||||
expect(ALLOW_DOMAINS).to.contain(res.headers['access-control-allow-origin']);
|
||||
done();
|
||||
});
|
||||
});
|
||||
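Review bot: The request sends the entire `ALLOW_DOMAINS` value as the `Origin` header and then asserts containment, so when the variable holds a list (env.dist now sets a two-entry JSON array) the test exercises a value no browser would send and passes only if the server matches loosely. It also has no negative case, which is the behaviour this commit is meant to introduce. Suggest sending one concrete allowed origin, and adding a second `it` that sends an unlisted origin and asserts `expect(res.headers['access-control-allow-origin']).to.be.undefined;`. The callback's first argument in `request` is the error object, so naming it `req` hides connection failures; `err` with `expect(err).to.not.exist;` would surface them. Which of the two `ALLOW_DOMAINS` declarations is on the new side cannot be determined from this page.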
|
|