From 16b1a7e3a06d9e049353d516239e74a94013c434 Mon Sep 17 00:00:00 2001
From: Rob Wu <rob@robwu.nl>
Date: Fri, 26 Feb 2016 13:13:58 +0100
Subject: [PATCH] requireHeader: Improve coverage and fix bug

When the single-string version of requireHeader was used, it was not
properly transformed to a lowercase string. Now it is.
---
 lib/cors-anywhere.js |  2 +-
 test/test.js         | 62 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 63 insertions(+), 1 deletion(-)

diff --git a/lib/cors-anywhere.js b/lib/cors-anywhere.js
index ad0bb4a..af05e9d 100644
--- a/lib/cors-anywhere.js
+++ b/lib/cors-anywhere.js
@@ -227,7 +227,7 @@ var getHandler = exports.getHandler = function(options, proxy) {
   // Convert corsAnywhere.requireHeader to an array of lowercase header names, or null.
   if (corsAnywhere.requireHeader) {
     if (typeof corsAnywhere.requireHeader === 'string') {
-      corsAnywhere.requireHeader = [corsAnywhere.requireHeader];
+      corsAnywhere.requireHeader = [corsAnywhere.requireHeader.toLowerCase()];
     } else if (!Array.isArray(corsAnywhere.requireHeader) || corsAnywhere.requireHeader.length === 0) {
       corsAnywhere.requireHeader = null;
     } else {
diff --git a/test/test.js b/test/test.js
index 43b9e56..e29f812 100644
--- a/test/test.js
+++ b/test/test.js
@@ -444,6 +444,68 @@ describe('requireHeader', function() {
       .expect('Access-Control-Allow-Origin', '*')
       .expect(200, done);
   });
+
+  it('GET /example.com without header (requireHeader as string)', function(done) {
+    stopServer(function() {
+      cors_anywhere = createServer({
+        requireHeader: 'origin',
+      });
+      request(cors_anywhere)
+        .get('/example.com/')
+        .expect('Access-Control-Allow-Origin', '*')
+        .expect(400, 'Missing required request header. Must specify one of: origin', done);
+    });
+  });
+
+  it('GET /example.com with header (requireHeader as string)', function(done) {
+    stopServer(function() {
+      cors_anywhere = createServer({
+        requireHeader: 'origin',
+      });
+      request(cors_anywhere)
+        .get('/example.com/')
+        .set('Origin', 'null')
+        .expect('Access-Control-Allow-Origin', '*')
+        .expect(200, 'Response from example.com', done);
+    });
+  });
+
+  it('GET /example.com without header (requireHeader as string, uppercase)', function(done) {
+    stopServer(function() {
+      cors_anywhere = createServer({
+        requireHeader: 'ORIGIN',
+      });
+      request(cors_anywhere)
+        .get('/example.com/')
+        .expect('Access-Control-Allow-Origin', '*')
+        .expect(400, 'Missing required request header. Must specify one of: origin', done);
+    });
+  });
+
+  it('GET /example.com with header (requireHeader as string, uppercase)', function(done) {
+    stopServer(function() {
+      cors_anywhere = createServer({
+        requireHeader: 'ORIGIN',
+      });
+      request(cors_anywhere)
+        .get('/example.com/')
+        .set('Origin', 'null')
+        .expect('Access-Control-Allow-Origin', '*')
+        .expect(200, 'Response from example.com', done);
+    });
+  });
+
+  it('GET /example.com (requireHeader is an empty array)', function(done) {
+    stopServer(function() {
+      cors_anywhere = createServer({
+        requireHeader: [],
+      });
+      request(cors_anywhere)
+        .get('/example.com/')
+        .expect('Access-Control-Allow-Origin', '*')
+        .expect(200, 'Response from example.com', done);
+    });
+  });
 });
 
 describe('removeHeaders', function() {