Mirroristas/CommunitySolidServer
2
0
Fork 0
mirror of https://github.com/CommunitySolidServer/CommunitySolidServer.git synced 2024-10-03 14:55:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: Prevent race condition in OPTIONS call

Browse Source
This commit is contained in:
Joachim Van Herwegen
2021-02-05 16:33:26 +01:00
parent df19aa26ef
commit 73acb9cd52
3 changed files with 29 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
test/integration/Middleware.test.ts
View File

@@ -62,7 +62,7 @@ describe('An Express server with middleware', (): void => {
}));
});
it('returns CORS headers for an OPTIONS request.', async(): Promise<void> => {
it('returns all relevant headers for an OPTIONS request.', async(): Promise<void> => {
const res = await request(server)
.options('/')
.set('Access-Control-Allow-Credentials', 'true')
@@ -73,7 +73,13 @@ describe('An Express server with middleware', (): void => {
expect(res.header).toEqual(expect.objectContaining({
'access-control-allow-origin': '*',
'access-control-allow-headers': 'content-type',
'updates-via': 'wss://example.pod/',
'x-powered-by': 'Community Solid Server',
}));
const { vary } = res.header;
expect(vary).toMatch(/(^|,)\s*Accept\s*(,|$)/iu);
expect(vary).toMatch(/(^|,)\s*Authorization\s*(,|$)/iu);
expect(vary).toMatch(/(^|,)\s*Origin\s*(,|$)/iu);
const corsMethods = res.header['access-control-allow-methods'].split(',')
.map((method: string): string => method.trim());
const allowedMethods = [ 'GET', 'HEAD', 'OPTIONS', 'POST', 'PUT', 'PATCH', 'DELETE' ];