Merge pull request #9 from oreillymedia/master

Fixing default cors settings

Author: sideshowcoder

bin/canned

@@ -8,6 +8,8 @@ var canned = require('../canned')
           .describe('p', 'server port')
           .default('cors', true)
           .describe('cors', 'disable cors support')
+          .default('headers', false)
+          .describe('headers', 'add custom headers allowed in cors requests')
           .default('h', false)
           .alias('h', 'help')
           .describe('h', 'show the help')
@@ -21,7 +23,8 @@ if(argv.h) {
 
 var dir = ''
 ,   port = argv.p
-,   cors = argv.c
+,   cors = argv.cors
+,   cors_headers = argv.headers
 ,   logger
 ,   cannedDir
 
@@ -34,6 +37,6 @@ if(argv.q) {
   process.stdout.write('starting canned on port ' + port + ' for ' + cannedDir + '\n')
 }
 
-var can = canned(dir, { logger: logger, cors: cors})
+var can = canned(dir, { logger: logger, cors: cors, cors_headers: cors_headers})
 http.createServer(can).listen(port)
 

canned.js

@@ -5,7 +5,10 @@ var Response = require('./lib/response')
 
 function Canned(dir, options) {
   this.logger = options.logger
-  this.response_opts = { cors_enabled: options.cors }
+  this.response_opts = { 
+    cors_enabled: options.cors,
+    cors_headers: options.cors_headers
+  }
   this.dir = process.cwd() + '/' + dir
 }
 

lib/response.js

@@ -14,6 +14,7 @@ Response.cors_headers = [
 
 function Response(content_type, content, statusCode, res, options) {
   this.cors_enabled = !!options.cors_enabled
+  this.cors_headers = options.cors_headers
   this.content_type = content_type
   this.content = content
   this.statusCode = statusCode
@@ -43,8 +44,14 @@ Response.prototype._addContentTypeHeaders = function(headers) {
 }
 
 Response.prototype._addCORSHeaders = function(headers) {
+  var that = this;
   if (this.cors_enabled) {
-    Response.cors_headers.forEach(function(h) { headers.push(h) })
+    Response.cors_headers.forEach(function(h) {
+      if(!!that.cors_headers && h[0] == 'Access-Control-Allow-Headers')
+        headers.push([h[0], h[1] + ", " + that.cors_headers])
+      else
+        headers.push(h)
+    })
   }
   return headers
 }

spec/canned.spec.js

@@ -157,5 +157,23 @@ describe('canned', function() {
       }
       can(req, res)
     })
+
+    it('adds custom headers', function(done) {
+      var can2 = canned('./spec/test_responses', { cors: true, cors_headers: "Authorization" })
+      req.url = '/'
+      var expectedHeaders = {
+        'Access-Control-Allow-Origin': "*",
+        'Access-Control-Allow-Headers': "X-Requested-With, Authorization"
+      }
+      res.setHeader = function(name, value) {
+        if(expectedHeaders[name]) {
+          expect(expectedHeaders[name]).toBe(value)
+          delete expectedHeaders[name]
+        }
+        // all expected headers have been set!
+        if(Object.keys(expectedHeaders).length === 0) done()
+      }
+      can2(req, res)
+    })
   })
 })