Added sample for handling CORS requests.

functions/http/index.js

@@ -251,3 +251,57 @@ exports.getSignedUrl = (req, res) => {
   }
 };
 // [END functions_http_signed_url]
+
+// [START functions_http_cors]
+/**
+ * HTTP function that supports CORS requests.
+ *
+ * @param {Object} req Cloud Function request context.
+ * @param {Object} res Cloud Function response context.
+ */
+exports.corsEnabledFunction = (req, res) => {
+  // Set CORS headers for preflight requests
+  // Allows GETs from any origin with the Content-Type header
+  // and caches preflight response for 3600s
+
+  res.set('Access-Control-Allow-Origin', '*');
+
+  if (req.method === 'OPTIONS') {
+    // Send response to OPTIONS requests
+    res.set('Access-Control-Allow-Methods', 'GET');
+    res.set('Access-Control-Allow-Headers', 'Content-Type');
+    res.set('Access-Control-Max-Age', '3600');
+    res.status(204).send('');
+  } else {
+    // Set CORS headers for the main request
+    res.set('Access-Control-Allow-Origin', '*');
+    res.send('Hello World!');
+  }
+};
+// [END functions_http_cors]
+
+// [START functions_http_cors_auth]
+/**
+ * HTTP function that supports CORS requests with credentials.
+ *
+ * @param {Object} req Cloud Function request context.
+ * @param {Object} res Cloud Function response context.
+ */
+exports.corsEnabledFunctionAuth = (req, res) => {
+  // Set CORS headers for preflight requests
+  // Allows GETs from origin https://mydomain.com with Authorization header
+
+  res.set('Access-Control-Allow-Origin', 'https://mydomain.com');
+  res.set('Access-Control-Allow-Credentials', 'true');
+
+  if (req.method === 'OPTIONS') {
+    // Send response to OPTIONS requests
+    res.set('Access-Control-Allow-Methods', 'GET');
+    res.set('Access-Control-Allow-Headers', 'Authorization');
+    res.set('Access-Control-Max-Age', '3600');
+    res.status(204).send('');
+  } else {
+    res.send('Hello World!');
+  }
+};
+// [END functions_http_cors_auth]

functions/http/test/index.test.js

@@ -43,9 +43,20 @@ function getMocks () {
   };
   sinon.spy(req, `get`);
 
+  const corsPreflightReq = {
+    method: 'OPTIONS'
+  };
+
+  const corsMainReq = {
+    method: 'GET'
+  };
+
   return {
     req: req,
+    corsPreflightReq: corsPreflightReq,
+    corsMainReq: corsMainReq,
     res: {
+      set: sinon.stub().returnsThis(),
       send: sinon.stub().returnsThis(),
       json: sinon.stub().returnsThis(),
       end: sinon.stub().returnsThis(),
@@ -181,3 +192,41 @@ test.serial(`http:helloContent: should handle other`, (t) => {
   t.true(mocks.res.send.calledOnce);
   t.deepEqual(mocks.res.send.firstCall.args[0], `Hello World!`);
 });
+
+test.serial(`http:cors: should respond to preflight request (no auth)`, (t) => {
+  const mocks = getMocks();
+  const httpSample = getSample();
+
+  httpSample.sample.corsEnabledFunction(mocks.corsPreflightReq, mocks.res);
+
+  t.true(mocks.res.status.calledOnceWith(204));
+  t.true(mocks.res.send.called);
+});
+
+test.serial(`http:cors: should respond to main request (no auth)`, (t) => {
+  const mocks = getMocks();
+  const httpSample = getSample();
+
+  httpSample.sample.corsEnabledFunction(mocks.corsMainReq, mocks.res);
+
+  t.true(mocks.res.send.calledOnceWith(`Hello World!`));
+});
+
+test.serial(`http:cors: should respond to preflight request (auth)`, (t) => {
+  const mocks = getMocks();
+  const httpSample = getSample();
+
+  httpSample.sample.corsEnabledFunctionAuth(mocks.corsPreflightReq, mocks.res);
+
+  t.true(mocks.res.status.calledOnceWith(204));
+  t.true(mocks.res.send.calledOnce);
+});
+
+test.serial(`http:cors: should respond to main request (auth)`, (t) => {
+  const mocks = getMocks();
+  const httpSample = getSample();
+
+  httpSample.sample.corsEnabledFunctionAuth(mocks.corsMainReq, mocks.res);
+
+  t.true(mocks.res.send.calledOnceWith(`Hello World!`));
+});