Merge pull request #2859 from AdriVanHoudt/cors-404-reasons
Add error messages to 404's caused by cors closes #2857
hueniverse committed Oct 20, 2015
2 parents 7037f5f + 0f06182 commit 2018ff8
Showing 2 changed files with 11 additions and 5 deletions.
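--- a/lib/cors.js
+++ b/lib/cors.js
@@ -87,12 +87,12 @@ internals.handler = function (request, reply) {
 
 var origin = request.headers.origin;
 if (!origin) {
-return reply(Boom.notFound());
+return reply(Boom.notFound('Missing Origin header'));
 }
 
 var method = request.headers['access-control-request-method'];
 if (!method) {
-return reply(Boom.notFound());
+return reply(Boom.notFound('Missing Access-Control-Request-Method header'));
 }
 
 // Lookup route
@@ -104,13 +104,13 @@ internals.handler = function (request, reply) {
 
 var settings = route.settings.cors;
 if (!settings) {
-return reply(Boom.notFound());
+return reply(Boom.notFound('CORS is disabled for this route'));
 }
 
 // Validate Origin header
 
 if (!internals.matchOrigin(origin, settings)) {
-return reply(Boom.notFound());
+return reply(Boom.notFound('Origin not allowed'));
 }
 
 // Validate allowed headers
@@ -119,7 +119,7 @@ internals.handler = function (request, reply) {
 if (headers) {
 headers = headers.split(/\s*,\s*/);
 if (Hoek.intersect(headers, settings._headers).length !== headers.length) {
-return reply(Boom.notFound());
+return reply(Boom.notFound('Some headers are not allowed'));
 }
 }
 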
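Review bot: The five new messages are sent to the client in the 404 body (the tests read them from `res.result.message`), so a preflight 404 is no longer uniform: 'CORS is disabled for this route' at the `!settings` check, for example, tells any caller that the path matched a route. How an unmatched path is answered is decided in the route lookup between the hunks, which is not visible here, so whether this separates existing from non-existing routes should be confirmed. If that distinction matters for a deployment, the reason could go to the server log while the payload stays generic; at minimum I would add a comment above the first check such as `// Messages below are returned to the client; keep them static and free of request data`. The handler starts and ends outside these hunks.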
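--- a/test/cors.js
+++ b/test/cors.js
@@ -96,6 +96,7 @@ describe('CORS', function () {
 server.inject({ method: 'OPTIONS', url: '/b', headers: { origin: 'http://example.com/', 'access-control-request-method': 'GET' } }, function (res2) {
 
 expect(res2.statusCode).to.equal(404);
+expect(res2.result.message).to.equal('CORS is disabled for this route');
 expect(res2.headers['access-control-allow-origin']).to.not.exist();
 done();
 });
@@ -130,6 +131,7 @@ describe('CORS', function () {
 server.inject({ method: 'OPTIONS', url: '/c', headers: { origin: 'http://example.com/', 'access-control-request-method': 'GET' } }, function (res3) {
 
 expect(res3.statusCode).to.equal(404);
+expect(res3.result.message).to.equal('CORS is disabled for this route');
 expect(res3.headers['access-control-allow-origin']).to.not.exist();
 done();
 });
@@ -455,6 +457,7 @@ describe('CORS', function () {
 server.inject({ method: 'OPTIONS', url: '/', headers: { 'access-control-request-method': 'GET' } }, function (res) {
 
 expect(res.statusCode).to.equal(404);
+expect(res.result.message).to.equal('Missing Origin header');
 done();
 });
 });
@@ -472,6 +475,7 @@ describe('CORS', function () {
 server.inject({ method: 'OPTIONS', url: '/', headers: { origin: 'http://example.com/' } }, function (res) {
 
 expect(res.statusCode).to.equal(404);
+expect(res.result.message).to.equal('Missing Access-Control-Request-Method header');
 done();
 });
 });
@@ -501,6 +505,7 @@ describe('CORS', function () {
 server.inject({ method: 'OPTIONS', url: '/', headers: { origin: 'http://example.com/', 'access-control-request-method': 'GET' } }, function (res) {
 
 expect(res.statusCode).to.equal(404);
+expect(res.result.message).to.equal('Origin not allowed');
 done();
 });
 });
@@ -554,6 +559,7 @@ describe('CORS', function () {
 }, function (res) {
 
 expect(res.statusCode).to.equal(404);
+expect(res.result.message).to.equal('Some headers are not allowed');
 done();
 });
 });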
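Review bot: The 'Origin not allowed' case (hunk at -501) and the 'Some headers are not allowed' case (hunk at -554) assert only the status code and the message; unlike the two 'CORS is disabled for this route' cases, they do not check that no CORS header came back. For a rejected preflight that is the property worth pinning against regressions, so I would add `expect(res.headers['access-control-allow-origin']).to.not.exist();` before `done();` in both callbacks. The enclosing test functions start and end outside the hunks.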
