d0zingcat/cors-anywhere
1
0
Fork 0
mirror of https://github.com/d0zingcat/cors-anywhere.git synced 2026-05-13 23:16:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

only send Access-Control-Max-Age if preflight request, not POST/GET

Browse Source 
-Access-Control-Max-Age header only has meaning for preflights, not
 POST or GET, saves wire bytes by excluding it from POST/GET/etc,
 and future problems if ACMA on a content HTTP method is given
 meaning by W3C or a browser vendor

-fix expectNoHeader() test helper func ,this was a no-op before by
 accident and would NEVER fail,
 supertest/test.js:Test.prototype._assertFunction requires an retval of
 class type Error if test fail, not a string or a number or Object
This commit is contained in:
bulk88
2020-09-27 15:19:26 -04:00
parent a0309e6c47
commit b3a13b026c
2 changed files with 38 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
test/test.js
View File

@@ -23,7 +23,7 @@ request.Test.prototype.expectJSON = function(json, done) {
request.Test.prototype.expectNoHeader = function(header, done) {
this.expect(function(res) {
if (header.toLowerCase() in res.headers) {
return 'Unexpected header in response: ' + header;
return new Error('Unexpected header in response: ' + header);
}
});
return done ? this.end(done) : this;
@@ -934,20 +934,36 @@ describe('Access-Control-Max-Age set', function() {
});
after(stopServer);
it('GET /', function(done) {
it('OPTIONS /', function(done) {
request(cors_anywhere)
.options('/')
.expect('Access-Control-Allow-Origin', '*')
.expect('Access-Control-Max-Age', '600')
.expect(200, '', done);
});
it('OPTIONS /example.com', function(done) {
request(cors_anywhere)
.options('/example.com')
.expect('Access-Control-Allow-Origin', '*')
.expect('Access-Control-Max-Age', '600')
.expect(200, '', done);
});
it('GET / no Access-Control-Max-Age on GET', function(done) {
request(cors_anywhere)
.get('/')
.type('text/plain')
.expect('Access-Control-Allow-Origin', '*')
.expect('Access-Control-Max-Age', '600')
.expectNoHeader('Access-Control-Max-Age')
.expect(200, helpText, done);
});
it('GET /example.com', function(done) {
it('GET /example.com no Access-Control-Max-Age on GET', function(done) {
request(cors_anywhere)
.get('/example.com')
.expect('Access-Control-Allow-Origin', '*')
.expect('Access-Control-Max-Age', '600')
.expectNoHeader('Access-Control-Max-Age')
.expect(200, 'Response from example.com', done);
});
});
@@ -959,6 +975,22 @@ describe('Access-Control-Max-Age not set', function() {
});
after(stopServer);
it('OPTIONS / corsMaxAge disabled', function(done) {
request(cors_anywhere)
.options('/')
.expect('Access-Control-Allow-Origin', '*')
.expectNoHeader('Access-Control-Max-Age')
.expect(200, '', done);
});
it('OPTIONS /example.com corsMaxAge disabled', function(done) {
request(cors_anywhere)
.options('/example.com')
.expect('Access-Control-Allow-Origin', '*')
.expectNoHeader('Access-Control-Max-Age')
.expect(200, '', done);
});
it('GET /', function(done) {
request(cors_anywhere)
.get('/')