refactor: default clientBasedCORS helper is now false
BREAKING CHANGE: Default clientBasedCORS helper return value is now
`false`, you must ergo use this helper to open up cors based on your
policy.
panva committed Mar 17, 2020
1 parent 4df1a0c commit 4cf4cc6
Showing 3 changed files with 16 additions and 15 deletions.
2 changes: 1 addition & 1 deletion docs/README.md
Expand Up @@ -1980,7 +1980,7 @@ Function used to check whether a given CORS request should be allowed based on t
_**default value**_:
```js
function clientBasedCORS(ctx, origin, client) {
return true;
return false;
}
```

4 changes: 2 additions & 2 deletions lib/helpers/defaults.js
Expand Up @@ -36,8 +36,8 @@ async function audiences(ctx, sub, token, use) { // eslint-disable-line no-unuse
}

function clientBasedCORS(ctx, origin, client) { // eslint-disable-line no-unused-vars
shouldChange('clientBasedCORS', 'control CORS allowed Origins based on the client making a CORS request');
return true;
mustChange('clientBasedCORS', 'control CORS allowed Origins based on the client making a CORS request');
return false;
}

/* istanbul ignore next */
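Review bot: The `mustChange('clientBasedCORS', …)` call in the new default may push operators to override a value that is already the safe one, because `return false` denies every client-based CORS request and is the right answer for any deployment without browser-based clients. `mustChange` is defined outside this hunk, so how it reports is not visible here; if it warns or fails, the quickest way to silence it is an override that returns `true` unconditionally, which recreates the old open default. Consider keeping `shouldChange` for this helper and adding a comment above `return false;` such as `// Deny by default; override to allow only origins registered for the given client.`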
25 changes: 13 additions & 12 deletions test/cors/cors.test.js
Expand Up @@ -103,7 +103,18 @@ describe('CORS setup', () => {
expect(headers[ACAHeaders]).to.eql('foo');
});

describe('with clientBasedCORS true (default)', () => {
describe('with clientBasedCORS resolving to true', () => {
before(function () {
const conf = i(this.provider).configuration();
this.clientBasedCORS = conf.clientBasedCORS;
conf.clientBasedCORS = () => true;
});

after(function () {
const conf = i(this.provider).configuration();
conf.clientBasedCORS = this.clientBasedCORS;
});

it('userinfo has cors open', async function () {
const { status, headers } = await req.call(
this,
Expand Down Expand Up @@ -281,17 +292,7 @@ describe('CORS setup', () => {
});
});

describe('with clientBasedCORS false', () => {
before(function () {
const conf = i(this.provider).configuration();
conf.clientBasedCORS = () => false;
});

after(function () {
const conf = i(this.provider).configuration();
conf.clientBasedCORS = () => true;
});

describe('with clientBasedCORS false (default)', () => {
it('userinfo has cors closed', async function () {
const { status, headers } = await req.call(
this,
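Review bot: The stub installed in the new `before` hook, `conf.clientBasedCORS = () => true;`, ignores its `ctx`, `origin` and `client` arguments, so the visible tests cover only all-open and all-closed and never check that the helper is handed the request's Origin and the resolved client. With deny as the default, the override is where policy mistakes will be made; a case whose helper allows one origin and rejects another for the same client would pin that, e.g. `conf.clientBasedCORS = (ctx, origin, client) => origin === allowedOrigin;` with `allowedOrigin` as a test-local placeholder. The 'false (default)' suite also now depends on the earlier suite's `after` hook having restored the saved helper. Both `describe` bodies continue outside the visible hunks.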
