Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add maxAge and cacheControl options to @middy/http-cors #473

Merged
merged 3 commits into from
Feb 6, 2020
Merged

Add maxAge and cacheControl options to @middy/http-cors #473

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
4b0acdf
Add maxAge and cacheControl options to @middy/http-cors
onhate Jan 31, 2020
4012918
Merge tag '1.0.0-beta.4' of github.com:middyjs/middy into cors-max-ag…
lmammino Feb 6, 2020
2d0755f
version bump
lmammino Feb 6, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions packages/http-cors/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,8 @@ npm install --save @middy/http-cors
- `origins` (array) (optional): An array of allowed origins. The incoming origin is matched against the list and is returned if present.
- `headers` (string) (optional): value to put in Access-Control-Allow-Headers (default: `null`)
- `credentials` (bool) (optional): if true, sets the `Access-Control-Allow-Origin` as request header `Origin`, if present (default `false`)
- `maxAge` (string) (optional): value to put in Access-Control-Max-Age header (default: `null`)
- `cacheControl` (string) (optional): value to put in Cache-Control header on pre-flight (OPTIONS) requests (default: `null`)

NOTES:
- If another middleware does not handle and swallow errors, then it will bubble all the way up
Expand Down
97 changes: 97 additions & 0 deletions packages/http-cors/__tests__/index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -432,4 +432,101 @@ describe('📦 Middleware CORS', () => {

expect(response).toEqual({})
})

test('it should set Cache-Control header if present in config and http method OPTIONS', async () => {
const handler = middy((event, context, cb) => {
cb(null, {})
})

handler.use(cors({ cacheControl: 'max-age=3600, s-maxage=3600, proxy-revalidate' }))

const event = {
httpMethod: 'OPTIONS'
}

const response = await invoke(handler, event)
expect(response).toEqual({
headers: {
'Access-Control-Allow-Origin': '*',
'Cache-Control': 'max-age=3600, s-maxage=3600, proxy-revalidate'
}
})
})

test.each(['GET', 'POST', 'PUT', 'PATCH'])('it should not set Cache-Control header on %s', async (httpMethod) => {
const handler = middy((event, context, cb) => {
cb(null, {})
})

handler.use(cors({ cacheControl: 'max-age=3600, s-maxage=3600, proxy-revalidate' }))

const event = { httpMethod }

const response = await invoke(handler, event)
expect(response).toEqual({
headers: {
'Access-Control-Allow-Origin': '*'
}
})
})

test('it should not overwrite Cache-Control header if already set', async () => {
const handler = middy((event, context, cb) => {
cb(null, { headers: { 'Cache-Control': 'max-age=1200' } })
})

handler.use(cors({ cacheControl: 'max-age=3600, s-maxage=3600, proxy-revalidate' }))

const event = {
httpMethod: 'OPTIONS'
}

const response = await invoke(handler, event)
expect(response).toEqual({
headers: {
'Access-Control-Allow-Origin': '*',
'Cache-Control': 'max-age=1200'
}
})
})

test('it should set Access-Control-Max-Age header if present in config', async () => {
const handler = middy((event, context, cb) => {
cb(null, {})
})

handler.use(cors({ maxAge: '3600' }))

const event = {
httpMethod: 'GET'
}

const response = await invoke(handler, event)
expect(response).toEqual({
headers: {
'Access-Control-Allow-Origin': '*',
'Access-Control-Max-Age': '3600'
}
})
})

test('it should not overwrite Access-Control-Max-Age header if already set', async () => {
const handler = middy((event, context, cb) => {
cb(null, { headers: { 'Access-Control-Max-Age': '-1' } })
})

handler.use(cors({ maxAge: '3600' }))

const event = {
httpMethod: 'GET'
}

const response = await invoke(handler, event)
expect(response).toEqual({
headers: {
'Access-Control-Allow-Origin': '*',
'Access-Control-Max-Age': '-1'
}
})
})
})
2 changes: 2 additions & 0 deletions packages/http-cors/index.d.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@ interface ICorsOptions {
origins?: string[];
headers?: string;
credentials?: boolean;
maxAge?: string;
cacheControl?: string;
}

declare const cors : middy.Middleware<ICorsOptions, any, any>
Expand Down
14 changes: 13 additions & 1 deletion packages/http-cors/index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,9 @@ const defaults = {
getOrigin,
origin: '*',
headers: null,
credentials: false
credentials: false,
maxAge: null,
cacheControl: null
}

const addCorsHeaders = (opts, handler, next) => {
Expand Down Expand Up @@ -47,6 +49,16 @@ const addCorsHeaders = (opts, handler, next) => {
const incomingOrigin = headers.origin || headers.Origin
handler.response.headers['Access-Control-Allow-Origin'] = options.getOrigin(incomingOrigin, options)
}

if (options.maxAge && !Object.prototype.hasOwnProperty.call(handler.response.headers, 'Access-Control-Max-Age')) {
handler.response.headers['Access-Control-Max-Age'] = String(options.maxAge)
}

if (handler.event.httpMethod === 'OPTIONS') {
if (options.cacheControl && !Object.prototype.hasOwnProperty.call(handler.response.headers, 'Cache-Control')) {
handler.response.headers['Cache-Control'] = String(options.cacheControl)
}
}
}

next(handler.error)
Expand Down