From 89b1c57f8152a229103a2c428426be30e87ace9c Mon Sep 17 00:00:00 2001 From: Sam Stern Date: Mon, 13 May 2019 10:37:39 -0700 Subject: [PATCH 1/3] Very permissive CORS headers --- changelog.txt | 1 + src/emulator/functionsEmulator.ts | 11 +++++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/changelog.txt b/changelog.txt index e69de29bb2d..698ac610d8b 100644 --- a/changelog.txt +++ b/changelog.txt @@ -0,0 +1 @@ +fixed - Fixed issue with CORS rejecting some callable functions. diff --git a/src/emulator/functionsEmulator.ts b/src/emulator/functionsEmulator.ts index f401fb10db6..0862de0ebb1 100644 --- a/src/emulator/functionsEmulator.ts +++ b/src/emulator/functionsEmulator.ts @@ -90,9 +90,16 @@ export class FunctionsEmulator implements EmulatorInstance { hub.use((req, res, next) => { // Allow CORS to facilitate easier testing. - // Source: https://enable-cors.org/server_expressjCannot understand what targets to deploys.html + // Sources: + // * https://enable-cors.org/server_expressjCannot understand what targets to deploys.html + // * https://stackoverflow.com/a/37228330/324977 res.header("Access-Control-Allow-Origin", "*"); - res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept"); + res.header( + "Access-Control-Allow-Headers", + "Access-Control-Allow-Headers, Origin, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method, Access-Control-Request-Headers" + ); + res.header("Access-Control-Allow-Credentials", "true"); + res.header("Access-Control-Allow-Methods", "GET,HEAD,OPTIONS,POST,PUT"); let data = ""; req.on("data", (chunk: any) => { From 0480da023e1db6d446d27ccff619f2bba50d43bf Mon Sep 17 00:00:00 2001 From: Sam Stern Date: Mon, 13 May 2019 11:53:22 -0700 Subject: [PATCH 2/3] Just the CORS headers we need --- src/emulator/functionsEmulator.ts | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/src/emulator/functionsEmulator.ts b/src/emulator/functionsEmulator.ts index 0862de0ebb1..cb7bcbdb936 100644 --- a/src/emulator/functionsEmulator.ts +++ b/src/emulator/functionsEmulator.ts @@ -94,12 +94,11 @@ export class FunctionsEmulator implements EmulatorInstance { // * https://enable-cors.org/server_expressjCannot understand what targets to deploys.html // * https://stackoverflow.com/a/37228330/324977 res.header("Access-Control-Allow-Origin", "*"); - res.header( - "Access-Control-Allow-Headers", - "Access-Control-Allow-Headers, Origin, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method, Access-Control-Request-Headers" - ); + + // For callable functions there are the default headers allowed. + res.header("Access-Control-Allow-Headers", "Content-Type, Authorization"); res.header("Access-Control-Allow-Credentials", "true"); - res.header("Access-Control-Allow-Methods", "GET,HEAD,OPTIONS,POST,PUT"); + res.header("Access-Control-Allow-Methods", "GET,OPTIONS,POST"); let data = ""; req.on("data", (chunk: any) => { From 002b3ec8425d0a1b8f9b0e25a6abc0d0aa8917d1 Mon Sep 17 00:00:00 2001 From: Sam Stern Date: Mon, 13 May 2019 11:57:18 -0700 Subject: [PATCH 3/3] Add back headers removed --- src/emulator/functionsEmulator.ts | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/emulator/functionsEmulator.ts b/src/emulator/functionsEmulator.ts index cb7bcbdb936..f913d4e9667 100644 --- a/src/emulator/functionsEmulator.ts +++ b/src/emulator/functionsEmulator.ts @@ -95,9 +95,11 @@ export class FunctionsEmulator implements EmulatorInstance { // * https://stackoverflow.com/a/37228330/324977 res.header("Access-Control-Allow-Origin", "*"); - // For callable functions there are the default headers allowed. - res.header("Access-Control-Allow-Headers", "Content-Type, Authorization"); - res.header("Access-Control-Allow-Credentials", "true"); + // Callable functions send "Authorization" and "Content-Type". + res.header( + "Access-Control-Allow-Headers", + "Origin, X-Requested-With, Content-Type, Authorization, Accept" + ); res.header("Access-Control-Allow-Methods", "GET,OPTIONS,POST"); let data = "";