cartodb/Windshaft-cartodb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Make cors middleware more generic and link it just to application level

Browse Source
This commit is contained in:
Daniel García Aubert 2018-04-03 15:32:29 +02:00
parent 5cd073c96f
commit 462ba62656
3 changed files with 12 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/cartodb/controllers/map/anonymous.js
View File

@ -1,7 +1,6 @@
const windshaft = require('windshaft'); const windshaft = require('windshaft');
const MapConfig = windshaft.model.MapConfig; const MapConfig = windshaft.model.MapConfig;
const Datasource = windshaft.model.Datasource; const Datasource = windshaft.model.Datasource;
const cors = require('../../middleware/cors');
const cleanUpQueryParams = require('../../middleware/clean-up-query-params'); const cleanUpQueryParams = require('../../middleware/clean-up-query-params');
const credentials = require('../../middleware/credentials'); const credentials = require('../../middleware/credentials');
const dbConnSetup = require('../../middleware/db-conn-setup'); const dbConnSetup = require('../../middleware/db-conn-setup');
@ -66,9 +65,9 @@ function AnonymousMapController (
module.exports = AnonymousMapController; module.exports = AnonymousMapController;
AnonymousMapController.prototype.register = function (mapRouter) { AnonymousMapController.prototype.register = function (mapRouter) {
mapRouter.options('/');
mapRouter.get('/', this.composeCreateMapMiddleware()); mapRouter.get('/', this.composeCreateMapMiddleware());
mapRouter.post('/', this.composeCreateMapMiddleware()); mapRouter.post('/', this.composeCreateMapMiddleware());
mapRouter.options('/', cors('Content-Type'));
}; };
AnonymousMapController.prototype.composeCreateMapMiddleware = function () { AnonymousMapController.prototype.composeCreateMapMiddleware = function () {

5
lib/cartodb/controllers/template/admin.js
View File

@ -1,5 +1,4 @@
const { templateName } = require('../../backends/template_maps'); const { templateName } = require('../../backends/template_maps');
const cors = require('../../middleware/cors');
const credentials = require('../../middleware/credentials'); const credentials = require('../../middleware/credentials');
const rateLimit = require('../../middleware/rate-limit'); const rateLimit = require('../../middleware/rate-limit');
const { RATE_LIMIT_ENDPOINTS_GROUPS } = rateLimit; const { RATE_LIMIT_ENDPOINTS_GROUPS } = rateLimit;
@ -20,6 +19,8 @@ function AdminTemplateController(authApi, templateMaps, userLimitsApi) {
module.exports = AdminTemplateController; module.exports = AdminTemplateController;
AdminTemplateController.prototype.register = function (templateRouter) { AdminTemplateController.prototype.register = function (templateRouter) {
templateRouter.options(`/:template_id`);
templateRouter.post( templateRouter.post(
`/`, `/`,
credentials(), credentials(),
@ -66,8 +67,6 @@ AdminTemplateController.prototype.register = function (templateRouter) {
listTemplates({ templateMaps: this.templateMaps }), listTemplates({ templateMaps: this.templateMaps }),
sendResponse() sendResponse()
); );
templateRouter.options(`/:template_id`, cors('Content-Type'));
}; };
function checkContentType ({ action, label }) { function checkContentType ({ action, label }) {

14
lib/cartodb/middleware/cors.js
View File

@ -1,13 +1,17 @@
module.exports = function cors (extraHeaders) { module.exports = function cors () {
return function corsMiddleware (req, res, next) { return function corsMiddleware (req, res, next) {
let baseHeaders = "X-Requested-With, X-Prototype-Version, X-CSRF-Token"; const headers = [
'X-Requested-With',
'X-Prototype-Version',
'X-CSRF-Token'
];
if(extraHeaders) { if (req.method === 'OPTIONS') {
baseHeaders += ", " + extraHeaders; headers.push('Content-Type');
} }
res.set("Access-Control-Allow-Origin", "*"); res.set("Access-Control-Allow-Origin", "*");
res.set("Access-Control-Allow-Headers", baseHeaders); res.set("Access-Control-Allow-Headers", headers.join(', '));
next(); next();
}; };