fix: add normalizeCorsOptions and handle wildcards in origin parameter (

#244)
fastify · Mar 14, 2023 · 365a08e · 365a08e
1 parent 3021936
commit 365a08e
Show file tree

Hide file tree

Showing 2 changed files with 54 additions and 7 deletions.
diff --git a/index.js b/index.js
@@ -53,7 +53,7 @@ function fastifyCors (fastify, opts, next) {
     handleCorsOptionsDelegator(delegator, fastify, options, next)
   } else {
     if (opts.hideOptionsRoute !== undefined) hideOptionsRoute = opts.hideOptionsRoute
-    const corsOptions = Object.assign({}, defaultOptions, opts)
+    const corsOptions = normalizeCorsOptions(opts)
     validateHook(corsOptions.hook, next)
     if (hookWithPayload.indexOf(corsOptions.hook) !== -1) {
       fastify.addHook(corsOptions.hook, function handleCors (req, reply, payload, next) {
@@ -104,8 +104,7 @@ function handleCorsOptionsDelegator (optionsResolver, fastify, opts, next) {
       fastify.addHook(hook, function handleCors (req, reply, payload, next) {
         const ret = optionsResolver(req)
         if (ret && typeof ret.then === 'function') {
-          ret.then(options => Object.assign({}, defaultOptions, options))
-            .then(corsOptions => addCorsHeadersHandler(fastify, corsOptions, req, reply, next)).catch(next)
+          ret.then(options => addCorsHeadersHandler(fastify, normalizeCorsOptions(options), req, reply, next)).catch(next)
           return
         }
         next(new Error('Invalid CORS origin option'))
@@ -115,8 +114,7 @@ function handleCorsOptionsDelegator (optionsResolver, fastify, opts, next) {
       fastify.addHook(hook, function handleCors (req, reply, next) {
         const ret = optionsResolver(req)
         if (ret && typeof ret.then === 'function') {
-          ret.then(options => Object.assign({}, defaultOptions, options))
-            .then(corsOptions => addCorsHeadersHandler(fastify, corsOptions, req, reply, next)).catch(next)
+          ret.then(options => addCorsHeadersHandler(fastify, normalizeCorsOptions(options), req, reply, next)).catch(next)
           return
         }
         next(new Error('Invalid CORS origin option'))
@@ -130,12 +128,19 @@ function handleCorsOptionsCallbackDelegator (optionsResolver, fastify, req, repl
     if (err) {
       next(err)
     } else {
-      const corsOptions = Object.assign({}, defaultOptions, options)
-      addCorsHeadersHandler(fastify, corsOptions, req, reply, next)
+      addCorsHeadersHandler(fastify, normalizeCorsOptions(options), req, reply, next)
     }
   })
 }
 
+function normalizeCorsOptions (opts) {
+  const corsOptions = Object.assign({}, defaultOptions, opts)
+  if (Array.isArray(opts.origin) && opts.origin.indexOf('*') !== -1) {
+    corsOptions.origin = '*'
+  }
+  return corsOptions
+}
+
 function addCorsHeadersHandler (fastify, options, req, reply, next) {
   // Always set Vary header
   // https://github.com/rs/cors/issues/10

diff --git a/test/cors.test.js b/test/cors.test.js
@@ -825,3 +825,45 @@ test('Allow only request from with specific headers', t => {
     })
   })
 })
+
+test('Should support wildcard config /1', t => {
+  t.plan(4)
+
+  const fastify = Fastify()
+  fastify.register(cors, { origin: '*' })
+
+  fastify.get('/', (req, reply) => {
+    reply.send('ok')
+  })
+
+  fastify.inject({
+    method: 'GET',
+    url: '/'
+  }, (err, res) => {
+    t.error(err)
+    t.equal(res.statusCode, 200)
+    t.equal(res.payload, 'ok')
+    t.equal(res.headers['access-control-allow-origin'], '*')
+  })
+})
+
+test('Should support wildcard config /2', t => {
+  t.plan(4)
+
+  const fastify = Fastify()
+  fastify.register(cors, { origin: ['*'] })
+
+  fastify.get('/', (req, reply) => {
+    reply.send('ok')
+  })
+
+  fastify.inject({
+    method: 'GET',
+    url: '/'
+  }, (err, res) => {
+    t.error(err)
+    t.equal(res.statusCode, 200)
+    t.equal(res.payload, 'ok')
+    t.equal(res.headers['access-control-allow-origin'], '*')
+  })
+})