requireHeader: Improve coverage and fix bug

When the single-string version of requireHeader was used, it was not properly transformed to a lowercase string. Now it is.
2026-05-26 15:10:06 +00:00 · 2016-02-26 13:13:58 +01:00
parent 24db52500f
commit 16b1a7e3a0
2 changed files with 63 additions and 1 deletions
--- a/lib/cors-anywhere.js
+++ b/lib/cors-anywhere.js
@@ -227,7 +227,7 @@ var getHandler = exports.getHandler = function(options, proxy) {
  // Convert corsAnywhere.requireHeader to an array of lowercase header names, or null.
  if (corsAnywhere.requireHeader) {
    if (typeof corsAnywhere.requireHeader === 'string') {
-      corsAnywhere.requireHeader = [corsAnywhere.requireHeader];
+      corsAnywhere.requireHeader = [corsAnywhere.requireHeader.toLowerCase()];
    } else if (!Array.isArray(corsAnywhere.requireHeader) || corsAnywhere.requireHeader.length === 0) {
      corsAnywhere.requireHeader = null;
    } else {
--- a/test/test.js
+++ b/test/test.js
@@ -444,6 +444,68 @@ describe('requireHeader', function() {
      .expect('Access-Control-Allow-Origin', '*')
      .expect(200, done);
  });
+
+  it('GET /example.com without header (requireHeader as string)', function(done) {
+    stopServer(function() {
+      cors_anywhere = createServer({
+        requireHeader: 'origin',
+      });
+      request(cors_anywhere)
+        .get('/example.com/')
+        .expect('Access-Control-Allow-Origin', '*')
+        .expect(400, 'Missing required request header. Must specify one of: origin', done);
+    });
+  });
+
+  it('GET /example.com with header (requireHeader as string)', function(done) {
+    stopServer(function() {
+      cors_anywhere = createServer({
+        requireHeader: 'origin',
+      });
+      request(cors_anywhere)
+        .get('/example.com/')
+        .set('Origin', 'null')
+        .expect('Access-Control-Allow-Origin', '*')
+        .expect(200, 'Response from example.com', done);
+    });
+  });
+
+  it('GET /example.com without header (requireHeader as string, uppercase)', function(done) {
+    stopServer(function() {
+      cors_anywhere = createServer({
+        requireHeader: 'ORIGIN',
+      });
+      request(cors_anywhere)
+        .get('/example.com/')
+        .expect('Access-Control-Allow-Origin', '*')
+        .expect(400, 'Missing required request header. Must specify one of: origin', done);
+    });
+  });
+
+  it('GET /example.com with header (requireHeader as string, uppercase)', function(done) {
+    stopServer(function() {
+      cors_anywhere = createServer({
+        requireHeader: 'ORIGIN',
+      });
+      request(cors_anywhere)
+        .get('/example.com/')
+        .set('Origin', 'null')
+        .expect('Access-Control-Allow-Origin', '*')
+        .expect(200, 'Response from example.com', done);
+    });
+  });
+
+  it('GET /example.com (requireHeader is an empty array)', function(done) {
+    stopServer(function() {
+      cors_anywhere = createServer({
+        requireHeader: [],
+      });
+      request(cors_anywhere)
+        .get('/example.com/')
+        .expect('Access-Control-Allow-Origin', '*')
+        .expect(200, 'Response from example.com', done);
+    });
+  });
 });

 describe('removeHeaders', function() {