search

Tabcorp / restify-cors-middleware

CORS middleware with full W3C spec support
108 stars 64 forks source link

White listed origins not taking effect #56

Open benigls opened 6 years ago

benigls commented 6 years ago

I tried to test the restify-cors-middleware v1.1.0 using restify v4.3.2 and it seems ignoring the white listed origins. The code and test request that I used are below.

const restify = require('restify');
const corsMiddleware = require('restify-cors-middleware');

let server = restify.createServer({
  name: 'restify-test-cors'
});

const cors = corsMiddleware({
  origins: ['http://localhost:3000']
});

server.pre(cors.preflight);
server.use(cors.actual);

server.listen(8080, 'localhost', () => {
  console.log('running..');
});

server.get('/test', (req, res, next) => {
  res.send({ test: 'test' });
  next();
});
curl -v -X 'OPTIONS' -H 'Access-Control-Request-Method: GET' -H 'Origin: http://localhost:8000' 'http://localhost:8080/test'                                                                                                               
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 8080 (#0)
> OPTIONS /test HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.47.0
> Accept: */*
> Access-Control-Request-Method: GET
> Origin: http://localhost:8000
> 
< HTTP/1.1 200 OK
< Allow: GET
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET
< Access-Control-Allow-Headers: accept, accept-version, content-type, request-id, origin, x-api-version, x-request-id
< Access-Control-Max-Age: 3600
< Date: Wed, 13 Dec 2017 08:13:21 GMT
< Connection: keep-alive
< Transfer-Encoding: chunked
< 
* Connection #0 to host localhost left intact
giuseppepaul-axiell commented 6 years ago

Did you manage to find a fix for this @benigls ?

benigls commented 6 years ago

@giuseppepaul-axiell I didn't. I tried testing it in v5 and v6 and it works.