Make cors middleware more generic and link it just to application level

This commit is contained in:
Daniel García Aubert 2018-04-03 15:32:29 +02:00
parent 5cd073c96f
commit 462ba62656
3 changed files with 12 additions and 10 deletions

View File

@ -1,7 +1,6 @@
const windshaft = require('windshaft');
const MapConfig = windshaft.model.MapConfig;
const Datasource = windshaft.model.Datasource;
const cors = require('../../middleware/cors');
const cleanUpQueryParams = require('../../middleware/clean-up-query-params');
const credentials = require('../../middleware/credentials');
const dbConnSetup = require('../../middleware/db-conn-setup');
@ -66,9 +65,9 @@ function AnonymousMapController (
module.exports = AnonymousMapController;
AnonymousMapController.prototype.register = function (mapRouter) {
mapRouter.options('/');
mapRouter.get('/', this.composeCreateMapMiddleware());
mapRouter.post('/', this.composeCreateMapMiddleware());
mapRouter.options('/', cors('Content-Type'));
};
AnonymousMapController.prototype.composeCreateMapMiddleware = function () {

View File

@ -1,5 +1,4 @@
const { templateName } = require('../../backends/template_maps');
const cors = require('../../middleware/cors');
const credentials = require('../../middleware/credentials');
const rateLimit = require('../../middleware/rate-limit');
const { RATE_LIMIT_ENDPOINTS_GROUPS } = rateLimit;
@ -20,6 +19,8 @@ function AdminTemplateController(authApi, templateMaps, userLimitsApi) {
module.exports = AdminTemplateController;
AdminTemplateController.prototype.register = function (templateRouter) {
templateRouter.options(`/:template_id`);
templateRouter.post(
`/`,
credentials(),
@ -66,8 +67,6 @@ AdminTemplateController.prototype.register = function (templateRouter) {
listTemplates({ templateMaps: this.templateMaps }),
sendResponse()
);
templateRouter.options(`/:template_id`, cors('Content-Type'));
};
function checkContentType ({ action, label }) {

View File

@ -1,13 +1,17 @@
module.exports = function cors (extraHeaders) {
module.exports = function cors () {
return function corsMiddleware (req, res, next) {
let baseHeaders = "X-Requested-With, X-Prototype-Version, X-CSRF-Token";
const headers = [
'X-Requested-With',
'X-Prototype-Version',
'X-CSRF-Token'
];
if(extraHeaders) {
baseHeaders += ", " + extraHeaders;
if (req.method === 'OPTIONS') {
headers.push('Content-Type');
}
res.set("Access-Control-Allow-Origin", "*");
res.set("Access-Control-Allow-Headers", baseHeaders);
res.set("Access-Control-Allow-Headers", headers.join(', '));
next();
};