krikkert/habitica
1
0
Fork 0
mirror of https://github.com/HabitRPG/habitica.git synced 2025-12-19 15:48:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix(cors): allow authorization header

Browse Source
This commit is contained in:
Matteo Pagliazzi
2020-07-12 18:22:52 +02:00
parent 195928e471
commit d861236f44
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
test/api/unit/middlewares/cors.test.js
View File

@@ -21,7 +21,7 @@ describe('cors middleware', () => {
expect(res.set).to.have.been.calledWith({ expect(res.set).to.have.been.calledWith({
'Access-Control-Allow-Origin': '*', 'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Methods': 'OPTIONS,GET,POST,PUT,HEAD,DELETE', 'Access-Control-Allow-Methods': 'OPTIONS,GET,POST,PUT,HEAD,DELETE',
'Access-Control-Allow-Headers': 'Content-Type,Accept,Content-Encoding,X-Requested-With,x-api-user,x-api-key,x-client', 'Access-Control-Allow-Headers': 'Authorization,Content-Type,Accept,Content-Encoding,X-Requested-With,x-api-user,x-api-key,x-client',
}); });
expect(res.sendStatus).to.not.have.been.called; expect(res.sendStatus).to.not.have.been.called;
expect(next).to.have.been.calledOnce; expect(next).to.have.been.calledOnce;
@@ -33,7 +33,7 @@ describe('cors middleware', () => {
expect(res.set).to.have.been.calledWith({ expect(res.set).to.have.been.calledWith({
'Access-Control-Allow-Origin': '*', 'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Methods': 'OPTIONS,GET,POST,PUT,HEAD,DELETE', 'Access-Control-Allow-Methods': 'OPTIONS,GET,POST,PUT,HEAD,DELETE',
'Access-Control-Allow-Headers': 'Content-Type,Accept,Content-Encoding,X-Requested-With,x-api-user,x-api-key,x-client', 'Access-Control-Allow-Headers': 'Authorization,Content-Type,Accept,Content-Encoding,X-Requested-With,x-api-user,x-api-key,x-client',
}); });
expect(res.sendStatus).to.have.been.calledWith(200); expect(res.sendStatus).to.have.been.calledWith(200);
expect(next).to.not.have.been.called; expect(next).to.not.have.been.called;

2
website/server/middlewares/cors.js
View File

@@ -2,7 +2,7 @@ export default function corsMiddleware (req, res, next) {
res.set({ res.set({
'Access-Control-Allow-Origin': req.header('origin') || '*', 'Access-Control-Allow-Origin': req.header('origin') || '*',
'Access-Control-Allow-Methods': 'OPTIONS,GET,POST,PUT,HEAD,DELETE', 'Access-Control-Allow-Methods': 'OPTIONS,GET,POST,PUT,HEAD,DELETE',
'Access-Control-Allow-Headers': 'Content-Type,Accept,Content-Encoding,X-Requested-With,x-api-user,x-api-key,x-client', 'Access-Control-Allow-Headers': 'Authorization,Content-Type,Accept,Content-Encoding,X-Requested-With,x-api-user,x-api-key,x-client',
}); });
if (req.method === 'OPTIONS') return res.sendStatus(200); if (req.method === 'OPTIONS') return res.sendStatus(200);
return next(); return next();