diff --git a/lib/server.js b/lib/server.js
index 6b8c747f6..6033b0b04 100644
--- a/lib/server.js
+++ b/lib/server.js
@@ -475,12 +475,6 @@ function sendErrorMessage(req, res, code) {
 );
 return;
 }
- if (req.headers.origin) {
- headers["Access-Control-Allow-Credentials"] = "true";
- headers["Access-Control-Allow-Origin"] = req.headers.origin;
- } else {
- headers["Access-Control-Allow-Origin"] = "*";
- }
 if (res !== undefined) {
 res.writeHead(400, headers);
 res.end(
diff --git a/test/server.js b/test/server.js
index 9f734ace3..aeef78877 100644
--- a/test/server.js
+++ b/test/server.js
@@ -33,7 +33,6 @@ describe("server", function() {
 expect(res.status).to.be(400);
 expect(res.body.code).to.be(0);
 expect(res.body.message).to.be("Transport unknown");
- expect(res.header["access-control-allow-origin"]).to.be("*");
 done();
 });
 });
@@ -51,12 +50,6 @@ describe("server", function() {
 expect(res.status).to.be(400);
 expect(res.body.code).to.be(0);
 expect(res.body.message).to.be("Transport unknown");
- expect(res.header["access-control-allow-credentials"]).to.be(
- "true"
- );
- expect(res.header["access-control-allow-origin"]).to.be(
- "http://engine.io"
- );
 done();
 });
 });
@@ -73,12 +66,6 @@ describe("server", function() {
 expect(res.status).to.be(400);
 expect(res.body.code).to.be(1);
 expect(res.body.message).to.be("Session ID unknown");
- expect(res.header["access-control-allow-credentials"]).to.be(
- "true"
- );
- expect(res.header["access-control-allow-origin"]).to.be(
- "http://engine.io"
- );
 done();
 });
 });
@@ -101,12 +88,6 @@ describe("server", function() {
 expect(res.status).to.be(403);
 expect(res.body.code).to.be(4);
 expect(res.body.message).to.be("Thou shall not pass");
- expect(res.header["access-control-allow-credentials"]).to.be(
- undefined
- );
- expect(res.header["access-control-allow-origin"]).to.be(
- undefined
- );
 done();
 });
 }
@@ -488,25 +469,30 @@ describe("server", function() {
 });
 
 it("should disallow bad requests", function(done) {
- listen(function(port) {
- request
- .get("http://localhost:%d/engine.io/default/".s(port))
- .set("Origin", "http://engine.io")
- .query({ transport: "websocket" })
- .end(function(err, res) {
- expect(err).to.be.an(Error);
- expect(res.status).to.be(400);
- expect(res.body.code).to.be(3);
- expect(res.body.message).to.be("Bad request");
- expect(res.header["access-control-allow-credentials"]).to.be(
- "true"
- );
- expect(res.header["access-control-allow-origin"]).to.be(
- "http://engine.io"
- );
- done();
- });
- });
+ listen(
+ {
+ cors: { credentials: true, origin: "http://engine.io" }
+ },
+ function(port) {
+ request
+ .get("http://localhost:%d/engine.io/default/".s(port))
+ .set("Origin", "http://engine.io")
+ .query({ transport: "websocket" })
+ .end(function(err, res) {
+ expect(err).to.be.an(Error);
+ expect(res.status).to.be(400);
+ expect(res.body.code).to.be(3);
+ expect(res.body.message).to.be("Bad request");
+ expect(res.header["access-control-allow-credentials"]).to.be(
+ "true"
+ );
+ expect(res.header["access-control-allow-origin"]).to.be(
+ "http://engine.io"
+ );
+ done();
+ });
+ }
+ );
 });
 
 it("should send a packet along with the handshake", function(done) {
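Review bot: After this change the only CORS assertions left in test/server.js cover the configured case here (`cors: { credentials: true, origin: "http://engine.io" }`); nothing asserts that an error response from a server with no `cors` option omits `access-control-allow-origin` and `access-control-allow-credentials`. The earlier hunks in this file (at -33, -51, -73 and -101) delete the header assertions outright, including the `to.be(undefined)` checks in the 403 test, instead of inverting them. Because the lib/server.js hunk removes the branch in `sendErrorMessage` that echoed `req.headers.origin` together with `Access-Control-Allow-Credentials: "true"`, a negative assertion would keep that reflection from returning unnoticed: in the tests that appear to send an `Origin` without configuring `cors`, add `expect(res.header["access-control-allow-origin"]).to.be(undefined);` and `expect(res.header["access-control-allow-credentials"]).to.be(undefined);`. The enclosing `describe` block starts and ends outside the hunk.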