From 98325495ea33d226fc27e5e15ace983d396808fa Mon Sep 17 00:00:00 2001
From: Esther Lozano <esloho@gmail.com>
Date: Thu, 13 Feb 2020 12:52:20 +0100
Subject: [PATCH] Allow metrics custom headers in cors

---
 lib/api/middlewares/cors.js               | 5 ++++-
 test/acceptance/ported/attributes-test.js | 3 ++-
 test/acceptance/ported/multilayer-test.js | 6 ++++--
 test/acceptance/ported/raster-test.js     | 3 ++-
 test/acceptance/ported/torque-test.js     | 3 ++-
 test/acceptance/templates-test.js         | 3 ++-
 6 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/lib/api/middlewares/cors.js b/lib/api/middlewares/cors.js
index 5ac107af..60df813d 100644
--- a/lib/api/middlewares/cors.js
+++ b/lib/api/middlewares/cors.js
@@ -6,7 +6,10 @@ module.exports = function cors () {
             'X-Requested-With',
             'X-Prototype-Version',
             'X-CSRF-Token',
-            'Authorization'
+            'Authorization',
+            'Carto-Source-Lib',
+            'Carto-Source-Context',
+            'Carto-Source-Context-Id'
         ];
 
         if (req.method === 'OPTIONS') {
diff --git a/test/acceptance/ported/attributes-test.js b/test/acceptance/ported/attributes-test.js
index 4eb8b0fd..c08bb6fb 100644
--- a/test/acceptance/ported/attributes-test.js
+++ b/test/acceptance/ported/attributes-test.js
@@ -42,7 +42,8 @@ describe('attributes', function () {
     function checkCORSHeaders (res) {
         assert.strictEqual(
             res.headers['access-control-allow-headers'],
-            'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization'
+            'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization, ' +
+            'Carto-Source-Lib, Carto-Source-Context, Carto-Source-Context-Id'
         );
         assert.strictEqual(res.headers['access-control-allow-origin'], '*');
     }
diff --git a/test/acceptance/ported/multilayer-test.js b/test/acceptance/ported/multilayer-test.js
index 739f4926..0e093c70 100644
--- a/test/acceptance/ported/multilayer-test.js
+++ b/test/acceptance/ported/multilayer-test.js
@@ -27,7 +27,8 @@ describe('multilayer', function () {
     function checkCORSHeaders (res) {
         assert.strictEqual(
             res.headers['access-control-allow-headers'],
-            'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization'
+            'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization, ' +
+            'Carto-Source-Lib, Carto-Source-Context, Carto-Source-Context-Id'
         );
         assert.strictEqual(res.headers['access-control-allow-origin'], '*');
     }
@@ -1032,7 +1033,8 @@ describe('multilayer', function () {
     /// /////////////////////////////////////////////////////////////////
 
     it('geting options on layergroup should return CORS headers', function (done) {
-        const allowHeaders = 'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization, Content-Type';
+        const allowHeaders = 'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization, ' +
+                                'Carto-Source-Lib, Carto-Source-Context, Carto-Source-Context-Id, Content-Type';
         assert.response(server, {
             url: '/api/v1/map',
             method: 'OPTIONS'
diff --git a/test/acceptance/ported/raster-test.js b/test/acceptance/ported/raster-test.js
index 4d7cf471..9f8a80fc 100644
--- a/test/acceptance/ported/raster-test.js
+++ b/test/acceptance/ported/raster-test.js
@@ -19,7 +19,8 @@ describe('raster', function () {
     function checkCORSHeaders (res) {
         assert.strictEqual(
             res.headers['access-control-allow-headers'],
-            'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization'
+            'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization, ' +
+            'Carto-Source-Lib, Carto-Source-Context, Carto-Source-Context-Id'
         );
         assert.strictEqual(res.headers['access-control-allow-origin'], '*');
     }
diff --git a/test/acceptance/ported/torque-test.js b/test/acceptance/ported/torque-test.js
index feee249a..6b0d95d3 100644
--- a/test/acceptance/ported/torque-test.js
+++ b/test/acceptance/ported/torque-test.js
@@ -30,7 +30,8 @@ describe('torque', function () {
     function checkCORSHeaders (res) {
         assert.strictEqual(
             res.headers['access-control-allow-headers'],
-            'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization'
+            'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization, ' +
+            'Carto-Source-Lib, Carto-Source-Context, Carto-Source-Context-Id'
         );
         assert.strictEqual(res.headers['access-control-allow-origin'], '*');
     }
diff --git a/test/acceptance/templates-test.js b/test/acceptance/templates-test.js
index a18b1507..e4319f60 100644
--- a/test/acceptance/templates-test.js
+++ b/test/acceptance/templates-test.js
@@ -303,7 +303,8 @@ describe('template_api', function () {
             assert.response(server, postRequest, {}, function (res) { next(null, res); });
         },
         function testCORS () {
-            const allowHeaders = 'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization, Content-Type';
+            const allowHeaders = 'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization, ' +
+                                    'Carto-Source-Lib, Carto-Source-Context, Carto-Source-Context-Id, Content-Type';
             assert.response(server, {
                 url: '/api/v1/map/named/acceptance1',
                 method: 'OPTIONS'