
fix(cors): reject preflight immediately if any requested header is disallowed#88

Merged
VikramAditya33 merged 1 commit into
FOSSFORGE:mainfrom
visionEye0:fix/CORS-preflight-disallowed-header-response
May 3, 2026

Conversation

@visionEye0
Contributor

@visionEye0 visionEye0 commented May 2, 2026

I have fixed the issue where the CORS preflight would incorrectly return a successful 200/204 response when a mix of allowed and disallowed headers was requested.

What was changed:
I've updated src/http/handlers/cors/cors-handler.ts to strictly validate Access-Control-Request-Headers. The handler now ensures that every single header in the requested list is present in the allowedHeaders. If any requested header is missing from the allowed list, the preflight request is immediately rejected.

I've also updated the tests in src/http/handlers/cors/cors-handler.spec.ts to add a test case verifying this exact scenario.

related issue - #76

Summary by CodeRabbit

  • Bug Fixes

    • Improved CORS preflight header validation: the handler now strictly validates that all requested headers are in the allowed list and rejects requests if any requested header is not permitted. When valid, the original requested header list is properly echoed in the response.
  • Tests

    • Updated CORS preflight test cases to verify stricter header validation behavior.

Closes #76
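To make the bug and the fix concrete, here is an added example (not the project's cors-handler.ts) that places the lenient check beside the strict one described in this PR. The function names, the 403 status used for rejection, and the sample allow-list are assumptions; header names are compared case-insensitively because HTTP field names are case-insensitive.

```typescript
// Added example, not the project's code. Models a CORS preflight check on
// Access-Control-Request-Headers against a configured allowedHeaders list.

interface PreflightResult {
  status: 204 | 403;        // 403 for rejection is an assumption
  allowHeaders?: string;    // value for Access-Control-Allow-Headers
}

// Splits "Content-Type, X-Custom" into normalized lower-case names,
// ignoring empty entries such as a trailing comma.
function parseRequestedHeaders(value: string | undefined): string[] {
  if (!value) return [];
  return value
    .split(",")
    .map((h) => h.trim().toLowerCase())
    .filter((h) => h.length > 0);
}

// The behaviour the PR fixes: only the allowed subset is echoed, but the
// response is still 204, so a mixed request passes preflight.
function preflightLenient(requested: string | undefined, allowed: string[]): PreflightResult {
  const allowedSet = new Set(allowed.map((h) => h.toLowerCase()));
  const echoed = parseRequestedHeaders(requested).filter((h) => allowedSet.has(h));
  return { status: 204, allowHeaders: echoed.join(", ") };
}

// The strict behaviour from the PR: every requested header must be in
// allowedHeaders, otherwise the preflight is rejected outright.
function preflightStrict(requested: string | undefined, allowed: string[]): PreflightResult {
  const allowedSet = new Set(allowed.map((h) => h.toLowerCase()));
  const headers = parseRequestedHeaders(requested);
  if (!headers.every((h) => allowedSet.has(h))) {
    return { status: 403 };
  }
  // All requested headers are allowed: echo the original list as sent.
  return { status: 204, allowHeaders: requested ?? "" };
}

// Constructed sample configuration and request for a quick comparison.
const SAMPLE_ALLOWED = ["Content-Type", "Authorization"];
const SAMPLE_REQUEST = "Content-Type, X-Custom";
console.log("lenient:", preflightLenient(SAMPLE_REQUEST, SAMPLE_ALLOWED));
console.log("strict: ", preflightStrict(SAMPLE_REQUEST, SAMPLE_ALLOWED));
```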

@coderabbitai

coderabbitai Bot commented May 2, 2026

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 943f4012-a7c8-45ee-87d7-4532aa395c61

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


@VikramAditya33
Collaborator

VikramAditya33 commented May 2, 2026

@visionEye0 Are you able to assign a review from the top right corner? Otherwise it's alright.

@visionEye0
Contributor Author

@coderabbitai review

@coderabbitai

coderabbitai Bot commented May 2, 2026

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@VikramAditya33
Collaborator

@coderabbitai review

😂😂 Not the coderabbit one, asking for myself

@coderabbitai

coderabbitai Bot commented May 2, 2026

Tip

For best results, initiate chat on the files or code changes.

@VikramAditya33 Ha, no worries! 😄 Looks like visionEye0 accidentally summoned me instead of assigning you as a reviewer. visionEye0, you can add VikramAditya33 as a reviewer from the Reviewers panel on the right side of this PR. I'll stay out of the way on that one! 🙂

@VikramAditya33 VikramAditya33 self-requested a review May 3, 2026 18:07
Collaborator

@VikramAditya33 VikramAditya33 left a comment


LGTM, Thank you

@VikramAditya33 VikramAditya33 merged commit 34d0de0 into FOSSFORGE:main May 3, 2026
4 checks passed


Development

Successfully merging this pull request may close these issues.

CORS preflight should reject when any requested header is disallowed
