From 7298126ce553cb0e9261969e0e3d310c37a1c023 Mon Sep 17 00:00:00 2001
From: Julien Rebetez <julien@fhtagn.net>
Date: Sat, 17 Mar 2018 17:14:44 +0100
Subject: [PATCH 1/2] Fix issue where CORS preflight request would fail
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Without this fix, doing a CORS OPTIONS preflight request results in
a “TypeError: Cannot match against 'undefined' or 'null’.” because
PreflightBlobRequest creates an AzuriteResponse without argument.
---
 lib/model/blob/AzuriteResponse.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/model/blob/AzuriteResponse.js b/lib/model/blob/AzuriteResponse.js
index 1bd2571..2523d93 100644
--- a/lib/model/blob/AzuriteResponse.js
+++ b/lib/model/blob/AzuriteResponse.js
@@ -5,7 +5,7 @@ const uuidV1 = require('uuid/v1'),
     EntityType = require('./../../core/Constants').StorageEntityType;
 
 class AzuriteResponse {
-    constructor({ proxy = undefined, payload = undefined, query = {}, cors = undefined }) {
+    constructor({ proxy = undefined, payload = undefined, query = {}, cors = undefined } = {}) {
         this.httpProps = {};
         this.proxy = proxy;
         if (this.proxy) {

From eba8a87b3aaa2c79243cd92d8ef039caa7967082 Mon Sep 17 00:00:00 2001
From: Julien Rebetez <julien@fhtagn.net>
Date: Sun, 18 Mar 2018 13:49:51 +0100
Subject: [PATCH 2/2] Correctly send back Access-Control-Allow-Headers in CORS
 preflight

Without this, the browser would fail the request complaining that no
headers were allowed.
---
 lib/actions/blob/PreflightBlobRequest.js | 3 ++-
 lib/model/blob/AzuriteResponse.js        | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/actions/blob/PreflightBlobRequest.js b/lib/actions/blob/PreflightBlobRequest.js
index 768034a..29b8b0d 100644
--- a/lib/actions/blob/PreflightBlobRequest.js
+++ b/lib/actions/blob/PreflightBlobRequest.js
@@ -12,9 +12,10 @@ class PreflightBlobRequest {
         const response = new AzuriteResponse(); // Add Access-Control-Expose-Headers
         response.addHttpProperty(N.ACCESS_CONTROL_ALLOW_ORIGIN, req.httpProps[N.ORIGIN]); // Refactor into response
         response.addHttpProperty(N.ACCESS_CONTROL_ALLOW_METHODS, req.httpProps[N.ACCESS_CONTROL_REQUEST_METHOD]);
-        response.addHttpProperty(N.ACCESS_CONTROL_ALLOW_HEADERS, req.httpProps[N.ACCESS_CONTROL_ALLOW_HEADERS]);
+        response.addHttpProperty(N.ACCESS_CONTROL_ALLOW_HEADERS, req.httpProps[N.ACCESS_CONTROL_REQUEST_HEADERS]);
         response.addHttpProperty(N.ACCESS_CONTROL_MAX_AGE, req.cors.maxAgeInSeconds);
         response.addHttpProperty(N.ACCESS_CONTROL_ALLOW_CREDENTIALS, true); // Refactor into response
+        res.set(response.httpProps);
         res.status(200).send();
     }
 }
diff --git a/lib/model/blob/AzuriteResponse.js b/lib/model/blob/AzuriteResponse.js
index 2523d93..4783e5f 100644
--- a/lib/model/blob/AzuriteResponse.js
+++ b/lib/model/blob/AzuriteResponse.js
@@ -34,6 +34,7 @@ class AzuriteResponse {
             this.httpProps[N.ACCESS_CONTROL_ALLOW_ORIGIN] = cors.origin;
             this.httpProps[N.ACCESS_CONTROL_EXPOSE_HEADERS] = cors.exposedHeaders;
             this.httpProps[N.ACCESS_CONTROL_ALLOW_CREDENTIALS] = true;
+            this.httpProps[N.ACCESS_CONTROL_ALLOW_HEADERS] = cors.exposedHeaders;
         }
     }