Allow metrics custom headers in cors

This commit is contained in:
Esther Lozano 2020-02-13 12:52:20 +01:00
parent 576518b2c8
commit 98325495ea
6 changed files with 16 additions and 7 deletions

View File

@ -6,7 +6,10 @@ module.exports = function cors () {
'X-Requested-With',
'X-Prototype-Version',
'X-CSRF-Token',
'Authorization'
'Authorization',
'Carto-Source-Lib',
'Carto-Source-Context',
'Carto-Source-Context-Id'
];
if (req.method === 'OPTIONS') {

View File

@ -42,7 +42,8 @@ describe('attributes', function () {
function checkCORSHeaders (res) {
assert.strictEqual(
res.headers['access-control-allow-headers'],
'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization'
'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization, ' +
'Carto-Source-Lib, Carto-Source-Context, Carto-Source-Context-Id'
);
assert.strictEqual(res.headers['access-control-allow-origin'], '*');
}

View File

@ -27,7 +27,8 @@ describe('multilayer', function () {
function checkCORSHeaders (res) {
assert.strictEqual(
res.headers['access-control-allow-headers'],
'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization'
'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization, ' +
'Carto-Source-Lib, Carto-Source-Context, Carto-Source-Context-Id'
);
assert.strictEqual(res.headers['access-control-allow-origin'], '*');
}
@ -1032,7 +1033,8 @@ describe('multilayer', function () {
/// /////////////////////////////////////////////////////////////////
it('geting options on layergroup should return CORS headers', function (done) {
const allowHeaders = 'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization, Content-Type';
const allowHeaders = 'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization, ' +
'Carto-Source-Lib, Carto-Source-Context, Carto-Source-Context-Id, Content-Type';
assert.response(server, {
url: '/api/v1/map',
method: 'OPTIONS'

View File

@ -19,7 +19,8 @@ describe('raster', function () {
function checkCORSHeaders (res) {
assert.strictEqual(
res.headers['access-control-allow-headers'],
'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization'
'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization, ' +
'Carto-Source-Lib, Carto-Source-Context, Carto-Source-Context-Id'
);
assert.strictEqual(res.headers['access-control-allow-origin'], '*');
}

View File

@ -30,7 +30,8 @@ describe('torque', function () {
function checkCORSHeaders (res) {
assert.strictEqual(
res.headers['access-control-allow-headers'],
'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization'
'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization, ' +
'Carto-Source-Lib, Carto-Source-Context, Carto-Source-Context-Id'
);
assert.strictEqual(res.headers['access-control-allow-origin'], '*');
}

View File

@ -303,7 +303,8 @@ describe('template_api', function () {
assert.response(server, postRequest, {}, function (res) { next(null, res); });
},
function testCORS () {
const allowHeaders = 'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization, Content-Type';
const allowHeaders = 'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization, ' +
'Carto-Source-Lib, Carto-Source-Context, Carto-Source-Context-Id, Content-Type';
assert.response(server, {
url: '/api/v1/map/named/acceptance1',
method: 'OPTIONS'