fix: Expose Www-Authenticate via CORS

To support reactive authentication where clients inspect the challenge to choose an authentication mechanism.
2024-10-03 14:55:10 +00:00 · 2022-11-07 08:45:52 +01:00 · 2022-11-07 08:45:52 +01:00 · 60718a123d
commit 60718a123d
parent 7fafd646fc
2 changed files with 8 additions and 1 deletions
--- a/config/http/middleware/handlers/cors.json
+++ b/config/http/middleware/handlers/cors.json
@ -26,7 +26,8 @@
        "Link",
        "Location",
        "Updates-Via",
-        "WAC-Allow"
+        "WAC-Allow",
+        "Www-Authenticate"
      ]
    }
  ]
--- a/test/integration/Middleware.test.ts
+++ b/test/integration/Middleware.test.ts
@ -133,6 +133,12 @@ describe('An http server with middleware', (): void => {
    expect(splitCommaSeparated(exposed)).toContain('Updates-Via');
  });

+  it('exposes the Www-Authenticate header via CORS.', async(): Promise<void> => {
+    const res = await request(server).get('/').expect(200);
+    const exposed = res.header['access-control-expose-headers'];
+    expect(splitCommaSeparated(exposed)).toContain('Www-Authenticate');
+  });
+
  it('sends incoming requests to the handler.', async(): Promise<void> => {
    const response = request(server).get('/').set('Host', 'test.com');
    expect(response).toBeDefined();