From 60718a123d201d64315d03d5cd7977479d6cdc7f Mon Sep 17 00:00:00 2001 From: Samu Lang Date: Mon, 7 Nov 2022 08:45:52 +0100 Subject: [PATCH] fix: Expose Www-Authenticate via CORS To support reactive authentication where clients inspect the challenge to choose an authentication mechanism. --- config/http/middleware/handlers/cors.json | 3 ++- test/integration/Middleware.test.ts | 6 ++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/config/http/middleware/handlers/cors.json b/config/http/middleware/handlers/cors.json index 4f4d90911..25d31d4fa 100644 --- a/config/http/middleware/handlers/cors.json +++ b/config/http/middleware/handlers/cors.json @@ -26,7 +26,8 @@ "Link", "Location", "Updates-Via", - "WAC-Allow" + "WAC-Allow", + "Www-Authenticate" ] } ] diff --git a/test/integration/Middleware.test.ts b/test/integration/Middleware.test.ts index 5e58d7cef..d4a257b0c 100644 --- a/test/integration/Middleware.test.ts +++ b/test/integration/Middleware.test.ts @@ -133,6 +133,12 @@ describe('An http server with middleware', (): void => { expect(splitCommaSeparated(exposed)).toContain('Updates-Via'); }); + it('exposes the Www-Authenticate header via CORS.', async(): Promise => { + const res = await request(server).get('/').expect(200); + const exposed = res.header['access-control-expose-headers']; + expect(splitCommaSeparated(exposed)).toContain('Www-Authenticate'); + }); + it('sends incoming requests to the handler.', async(): Promise => { const response = request(server).get('/').set('Host', 'test.com'); expect(response).toBeDefined();