fix: Calling all options even if origin header is not present (#87)

As Origin header is not set in all fetch. I understand that we need to be able to validade, even if the origin is not present. We are still following https://fetch.spec.whatwg.org/#http-origin but grating headers to be added to response on user needs Fix #18
koajs · Oct 8, 2022 · 7358ab3 · 7358ab3 · julienw · Oct 12, 2022
1 parent b49b085
commit 7358ab3
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/index.js b/index.js
@@ -58,8 +58,6 @@ module.exports = function(options) {
     // https://github.com/rs/cors/issues/10
     ctx.vary('Origin');
 
-    if (!requestOrigin) return await next();
-
     let origin;
     if (typeof options.origin === 'function') {
       origin = await options.origin(ctx);

diff --git a/test/cors.test.js b/test/cors.test.js
@@ -77,6 +77,14 @@ describe('cors.test.js', function() {
         .expect({ foo: 'bar' })
         .expect(200, done);
     });
+
+    it('should always set `Access-Control-Allow-Origin` to *, even if no Origin is passed on request', function(done) {
+      request(app.listen())
+        .get('/')
+        .expect('Access-Control-Allow-Origin', '*')
+        .expect({ foo: 'bar' })
+        .expect(200, done);
+    });
   });
 
   describe('options.secureContext=true', function() {