Merge pull request #557 from CartoDB/cors-authorization-headers

adding Authorization to Access-Control-Allow-Headers
Alberto Romeu 2019-01-11 12:07:05 +01:00 committed by GitHub
commit 2a9b1c8457
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 8 additions and 4 deletions


@ -11,6 +11,8 @@ Announcements:
* Consider cancelled queries as platform limits. * Consider cancelled queries as platform limits.
* Report fine-grained Garbage Collector stats * Report fine-grained Garbage Collector stats
* Both query endpoints as the same one in rate limits terms * Both query endpoints as the same one in rate limits terms
* Adding Authorization to Access-Control-Allow-Headers (https://github.com/CartoDB/CartoDB-SQL-API/issues/534)
## 2.3.1 ## 2.3.1
Released 2018-12-23 Released 2018-12-23


@ -2,7 +2,7 @@
module.exports = function cors(extraHeaders) { module.exports = function cors(extraHeaders) {
return function(req, res, next) { return function(req, res, next) {
var baseHeaders = 'X-Requested-With, X-Prototype-Version, X-CSRF-Token'; var baseHeaders = 'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization';
if(extraHeaders) { if(extraHeaders) {
baseHeaders += ', ' + extraHeaders; baseHeaders += ', ' + extraHeaders;
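Review bot: The `Authorization` entry added to `baseHeaders` has no comment recording why it is allowed. The tests in this commit show the same responses carrying `access-control-allow-origin: *`, so after this change a page on any origin can pass preflight for a script-set `Authorization` header. That is presumably intended for a token-authenticated public API, but it should be stated next to the list, for example `// Authorization is accepted from any origin (Allow-Origin is '*'); keep Access-Control-Allow-Credentials unset`. The rest of the middleware body lies outside the hunk, so where the origin and credentials headers are set cannot be confirmed from here.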


@ -60,7 +60,8 @@ describe('app-configuration', function() {
method: 'GET' method: 'GET'
}, RESPONSE_OK, function(err, res) { }, RESPONSE_OK, function(err, res) {
assert.equal( assert.equal(
res.headers['access-control-allow-headers'], 'X-Requested-With, X-Prototype-Version, X-CSRF-Token' res.headers['access-control-allow-headers'],
'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization'
); );
assert.equal(res.headers['access-control-allow-origin'], '*'); assert.equal(res.headers['access-control-allow-origin'], '*');
done(); done();
@ -76,7 +77,8 @@ describe('app-configuration', function() {
}, RESPONSE_OK, function(err, res) { }, RESPONSE_OK, function(err, res) {
assert.equal(res.body, ''); assert.equal(res.body, '');
assert.equal( assert.equal(
res.headers['access-control-allow-headers'], 'X-Requested-With, X-Prototype-Version, X-CSRF-Token' res.headers['access-control-allow-headers'],
'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization'
); );
assert.equal(res.headers['access-control-allow-origin'], '*'); assert.equal(res.headers['access-control-allow-origin'], '*');
done(); done();
@ -158,7 +160,7 @@ describe('app-configuration', function() {
assert.equal(res.headers['access-control-allow-origin'], '*'); assert.equal(res.headers['access-control-allow-origin'], '*');
assert.equal( assert.equal(
res.headers['access-control-allow-headers'], res.headers['access-control-allow-headers'],
"X-Requested-With, X-Prototype-Version, X-CSRF-Token" "X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization"
); );
done(); done();
}); });
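Review bot: The three updated assertions pin `Authorization` in the allow-list together with `access-control-allow-origin: *`, but none of them checks that credentialed CORS stays off. Adding `assert.equal(res.headers['access-control-allow-credentials'], undefined);` beside each would catch a later change that enables credentials on top of this wider header list. The expected header string is also repeated verbatim in all three hunks, once with double quotes; a shared constant such as `var ALLOWED_HEADERS = 'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization';` would keep the tests in step with the middleware. The enclosing test cases start outside the hunks.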