fix(cors) follow mozilla guidelines for preflight request #4029

Merged
merged 5 commits into from Nov 30, 2018
Changes from 4 commits

@@ -8,7 +8,7 @@ local tostring = tostring
local ipairs = ipairs


local NO_CONTENT = 204
local HTTP_OK = 200


local CorsHandler = BasePlugin:extend()
@@ -137,7 +137,9 @@ function CorsHandler:access(conf)
set_header("Access-Control-Max-Age", tostring(conf.max_age))
end

return kong.response.exit(NO_CONTENT)
set_header("Content-Length", "0")
This conversation was marked as resolved by aslafy-z


thibaultcha Nov 29, 2018

Member

kong.response.exit without a body will already set this header appropriately, we can remove this.


aslafy-z Nov 30, 2018

Author Contributor

applied with 58949d2


return kong.response.exit(HTTP_OK)
end
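Review bot: The new `return kong.response.exit(HTTP_OK)` has no comment saying why the preflight reply uses 200 instead of 204, and since any 2xx status satisfies the CORS preflight check, a later reader could reasonably revert it. I would add above the return something like `-- preflight replies use 200 rather than 204, following the Mozilla guideline named in #4029`. Because this changes an externally observable status, health checks, WAF rules or log-based detections keyed on 204 for OPTIONS would presumably need updating, so a changelog line seems warranted. CorsHandler:access starts outside the hunk, so the conditions under which this branch is reached are not visible here.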


@@ -160,7 +160,8 @@ describe("Plugin: cors (access)", function()
["Host"] = "cors1.com"
}
})
assert.res_status(204, res)
assert.res_status(200, res)
assert.equal("0", res.headers["Content-Length"])
assert.equal("GET,HEAD,PUT,PATCH,POST,DELETE", res.headers["Access-Control-Allow-Methods"])
assert.equal("*", res.headers["Access-Control-Allow-Origin"])
assert.is_nil(res.headers["Access-Control-Allow-Headers"])
@@ -182,7 +183,8 @@ describe("Plugin: cors (access)", function()
["Host"] = "cors-empty-origins.com",
}
})
assert.res_status(204, res)
assert.res_status(200, res)
assert.equal("0", res.headers["Content-Length"])
assert.equal("GET,HEAD,PUT,PATCH,POST,DELETE", res.headers["Access-Control-Allow-Methods"])
assert.equal("*", res.headers["Access-Control-Allow-Origin"])
assert.is_nil(res.headers["Access-Control-Allow-Headers"])
@@ -198,7 +200,8 @@ describe("Plugin: cors (access)", function()
["Host"] = "cors5.com"
}
})
assert.res_status(204, res)
assert.res_status(200, res)
assert.equal("0", res.headers["Content-Length"])
assert.equal("GET,HEAD,PUT,PATCH,POST,DELETE", res.headers["Access-Control-Allow-Methods"])
assert.equal("*", res.headers["Access-Control-Allow-Origin"])
assert.is_nil(res.headers["Access-Control-Allow-Headers"])
@@ -214,7 +217,8 @@ describe("Plugin: cors (access)", function()
["Host"] = "cors2.com"
}
})
assert.res_status(204, res)
assert.res_status(200, res)
assert.equal("0", res.headers["Content-Length"])
assert.equal("GET", res.headers["Access-Control-Allow-Methods"])
assert.equal("example.com", res.headers["Access-Control-Allow-Origin"])
assert.equal("23", res.headers["Access-Control-Max-Age"])
@@ -245,7 +249,8 @@ describe("Plugin: cors (access)", function()
}
})

assert.res_status(204, res)
assert.res_status(200, res)
assert.equal("0", res.headers["Content-Length"])
assert.equal("origin,accepts", res.headers["Access-Control-Allow-Headers"])
end)
end)
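Review bot: The wildcard preflight cases (the `cors1.com`, `cors-empty-origins.com` and `cors5.com` hunks) pin `Access-Control-Allow-Origin` to `*`, but nothing in the visible assertions checks that `Access-Control-Allow-Credentials` is absent, which is the combination a CORS regression test most wants to rule out. If these routes are configured without credentials (not visible here), adding `assert.is_nil(res.headers["Access-Control-Allow-Credentials"])` next to the new `Content-Length` check would lock that in. The same applies to the matching hunks of the second spec file (the `helpers.each_strategy()` one). Each `it` block starts outside its hunk, so an existing check elsewhere in the test cannot be ruled out.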
@@ -201,7 +201,8 @@ for _, strategy in helpers.each_strategy() do
["Host"] = "cors1.com"
}
})
assert.res_status(204, res)
assert.res_status(200, res)
assert.equal("0", res.headers["Content-Length"])
assert.equal("GET,HEAD,PUT,PATCH,POST,DELETE", res.headers["Access-Control-Allow-Methods"])
assert.equal("*", res.headers["Access-Control-Allow-Origin"])
assert.is_nil(res.headers["Access-Control-Allow-Headers"])
@@ -224,7 +225,8 @@ for _, strategy in helpers.each_strategy() do
["Host"] = "cors-empty-origins.com",
}
})
assert.res_status(204, res)
assert.res_status(200, res)
assert.equal("0", res.headers["Content-Length"])
assert.equal("GET,HEAD,PUT,PATCH,POST,DELETE", res.headers["Access-Control-Allow-Methods"])
assert.equal("*", res.headers["Access-Control-Allow-Origin"])
assert.is_nil(res.headers["Access-Control-Allow-Headers"])
@@ -241,7 +243,8 @@ for _, strategy in helpers.each_strategy() do
["Host"] = "cors5.com"
}
})
assert.res_status(204, res)
assert.res_status(200, res)
assert.equal("0", res.headers["Content-Length"])
assert.equal("GET,HEAD,PUT,PATCH,POST,DELETE", res.headers["Access-Control-Allow-Methods"])
assert.equal("*", res.headers["Access-Control-Allow-Origin"])
assert.is_nil(res.headers["Access-Control-Allow-Headers"])
@@ -258,7 +261,8 @@ for _, strategy in helpers.each_strategy() do
["Host"] = "cors2.com"
}
})
assert.res_status(204, res)
assert.res_status(200, res)
assert.equal("0", res.headers["Content-Length"])
assert.equal("GET", res.headers["Access-Control-Allow-Methods"])
assert.equal("example.com", res.headers["Access-Control-Allow-Origin"])
assert.equal("23", res.headers["Access-Control-Max-Age"])
@@ -290,7 +294,8 @@ for _, strategy in helpers.each_strategy() do
}
})

assert.res_status(204, res)
assert.res_status(200, res)
assert.equal("0", res.headers["Content-Length"])
assert.equal("origin,accepts", res.headers["Access-Control-Allow-Headers"])
end)
end)