Properly set CORS headers for emulated functions (#1286)

firebase · May 13, 2019 · 7251c1f · 7251c1f · milansar · May 17, 2019
1 parent 73e417f
commit 7251c1f
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 3 deletions.
diff --git a/changelog.txt b/changelog.txt
@@ -1 +1,2 @@
-fixed - Functions emulator no longer watches node_modules files.
+fixed - Fixed issue with CORS rejecting some callable functions.
+fixed - Functions emulator no longer watches node_modules files.
diff --git a/src/emulator/functionsEmulator.ts b/src/emulator/functionsEmulator.ts
@@ -90,9 +90,17 @@ export class FunctionsEmulator implements EmulatorInstance {
 
     hub.use((req, res, next) => {
       // Allow CORS to facilitate easier testing.
-      // Source: https://enable-cors.org/server_expressjCannot understand what targets to deploys.html
+      // Sources:
+      //  * https://enable-cors.org/server_expressjCannot understand what targets to deploys.html
+      //  * https://stackoverflow.com/a/37228330/324977
       res.header("Access-Control-Allow-Origin", "*");
-      res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
+
+      // Callable functions send "Authorization" and "Content-Type".
+      res.header(
+        "Access-Control-Allow-Headers",
+        "Origin, X-Requested-With, Content-Type, Authorization, Accept"
+      );
+      res.header("Access-Control-Allow-Methods", "GET,OPTIONS,POST");
 
       let data = "";
       req.on("data", (chunk: any) => {