feat: add middleware factory for Cross-Origin-Resource-Policy heade…

…r field
httpland · Apr 2, 2023 · 8ce86dd · 8ce86dd
1 parent 20bc114
commit 8ce86dd
Show file tree

Hide file tree

Showing 7 changed files with 149 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -54,7 +54,7 @@ To change the corp policy, do the following:
 ```ts
 import {
   corp,
-} from "https://deno.land/x/referrer_policy_middleware@$VERSION/middleware.ts";
+} from "https://deno.land/x/corp_middleware@$VERSION/middleware.ts";
 
 const middleware = corp("cross-origin");
 ```

diff --git a/_dev_deps.ts b/_dev_deps.ts
@@ -0,0 +1,7 @@
+export {
+  assert,
+  assertEquals,
+} from "https://deno.land/std@0.181.0/testing/asserts.ts";
+export { describe, it } from "https://deno.land/std@0.181.0/testing/bdd.ts";
+export { equalsResponse } from "https://deno.land/x/http_utils@1.0.0/response.ts";
+export { CrossOriginResourcePolicy, PolicyHeader } from "./constants.ts";
diff --git a/constants.ts b/constants.ts
@@ -0,0 +1,17 @@
+// Copyright 2023-latest the httpland authors. All rights reserved. MIT license.
+// This module is browser compatible.
+
+/** HTTP policy-related header. */
+export const enum PolicyHeader {
+  CrossOriginResourcePolicy = "cross-origin-resource-policy",
+}
+
+/** `Cross-Origin-Resource-Policy` header directive. */
+export enum CrossOriginResourcePolicy {
+  /** Only requests from the same origin can read the resource. */
+  SameOrigin = "same-origin",
+  /** Only requests from the same Site can read the resource. */
+  SameSite = "same-site",
+  /** Requests from any origin can read the resource. */
+  CrossOrigin = "cross-origin",
+}
diff --git a/deps.ts b/deps.ts
@@ -0,0 +1,8 @@
+// Copyright 2023-latest the httpland authors. All rights reserved. MIT license.
+// This module is browser compatible.
+
+export {
+  type Handler,
+  type Middleware,
+} from "https://deno.land/x/http_middleware@1.0.0/mod.ts";
+export { withHeader } from "https://deno.land/x/http_utils@1.0.0/message.ts";
diff --git a/middleware.ts b/middleware.ts
@@ -0,0 +1,43 @@
+// Copyright 2023-latest the httpland authors. All rights reserved. MIT license.
+// This module is browser compatible.
+
+import { Middleware, withHeader } from "./deps.ts";
+import { CrossOriginResourcePolicy, PolicyHeader } from "./constants.ts";
+
+/** Create `Cross-Origin-Resource-Policy` header middleware.
+ *
+ * Add `Cross-Origin-Resource-Policy` header field to `Response`.
+ * ```http
+ * Cross-Origin-Resource-Policy: same-origin
+ * ```
+ *
+ * @example
+ * ```ts
+ * import {
+ *   corp,
+ *   type Handler,
+ * } from "https://deno.land/x/corp_middleware@$VERSION/mod.ts";
+ * import { assert } from "https://deno.land/std/testing/asserts.ts";
+ *
+ * declare const request: Request;
+ * declare const handler: Handler;
+ *
+ * const middleware = corp();
+ * const response = await middleware(request, handler);
+ *
+ * assert(response.headers.has("cross-origin-resource-policy"));
+ * ```
+ */
+export function corp(
+  policy: `${CrossOriginResourcePolicy}` = CrossOriginResourcePolicy.SameOrigin,
+): Middleware {
+  return async (request, next) => {
+    const response = await next(request);
+
+    if (response.headers.has(PolicyHeader.CrossOriginResourcePolicy)) {
+      return response;
+    }
+
+    return withHeader(response, PolicyHeader.CrossOriginResourcePolicy, policy);
+  };
+}
diff --git a/middleware_test.ts b/middleware_test.ts
@@ -0,0 +1,67 @@
+import { corp } from "./middleware.ts";
+import {
+  assert,
+  CrossOriginResourcePolicy,
+  describe,
+  equalsResponse,
+  it,
+  PolicyHeader,
+} from "./_dev_deps.ts";
+
+describe("corp", () => {
+  it("should return response what includes corp header", async () => {
+    const middleware = corp();
+
+    const response = await middleware(
+      new Request("test:"),
+      () => new Response(),
+    );
+
+    assert(
+      await equalsResponse(
+        response,
+        new Response(null, {
+          headers: {
+            [PolicyHeader.CrossOriginResourcePolicy]:
+              CrossOriginResourcePolicy.SameOrigin,
+          },
+        }),
+        true,
+      ),
+    );
+  });
+
+  it("should change corp header", async () => {
+    const middleware = corp(CrossOriginResourcePolicy.CrossOrigin);
+
+    const response = await middleware(
+      new Request("test:"),
+      () => new Response(),
+    );
+
+    assert(
+      await equalsResponse(
+        response,
+        new Response(null, {
+          headers: {
+            [PolicyHeader.CrossOriginResourcePolicy]:
+              CrossOriginResourcePolicy.CrossOrigin,
+          },
+        }),
+        true,
+      ),
+    );
+  });
+
+  it("should return same response if the header include corp yet", async () => {
+    const initResponse = new Response(null, {
+      headers: { [PolicyHeader.CrossOriginResourcePolicy]: "" },
+    });
+    const middleware = corp();
+    const response = await middleware(
+      new Request("test:"),
+      () => initResponse,
+    );
+    assert(response === initResponse);
+  });
+});
diff --git a/mod.ts b/mod.ts
@@ -0,0 +1,6 @@
+// Copyright 2023-latest the httpland authors. All rights reserved. MIT license.
+// This module is browser compatible.
+
+export { corp } from "./middleware.ts";
+export { type Handler, type Middleware } from "./deps.ts";
+export { CrossOriginResourcePolicy } from "./constants.ts";