Skip to content

Commit

Permalink
[1.x] Add default CORS origins (#318)
Browse files Browse the repository at this point in the history 
* Add default CORS origins

* Use Vite's build-in defaults

* Add subdomain example

* Fix assertion
  • Loading branch information
@timacdonald
timacdonald authored Jan 21, 2025
1 parent 1501f5c commit b3a3abf
Show file tree
Hide file tree
Showing 2 changed files with 84 additions and 0 deletions.
7 changes: 7 additions & 0 deletions src/index.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -152,6 +152,13 @@ function resolveLaravelPlugin(pluginConfig: Required<PluginConfig>): LaravelPlug
},
server: {
origin: userConfig.server?.origin ?? 'http://__laravel_vite_placeholder__.test',
cors: userConfig.server?.cors ?? {
origin: userConfig.server?.origin ?? [
/^https?:\/\/(?:(?:[^:]+\.)?localhost|127\.0\.0\.1|\[::1\])(?::\d+)?$/,
...(env.APP_URL ? [env.APP_URL] : []), // * (APP_URL="http://my-app.tld")
/^https?:\/\/.*\.test(:\d+)?$/, // Valet / Herd (SCHEME://*.test:PORT)
],
},
...(process.env.LARAVEL_SAIL ? {
host: userConfig.server?.host ?? '0.0.0.0',
port: userConfig.server?.port ?? (env.VITE_PORT ? parseInt(env.VITE_PORT) : 5173),
Expand Down
77 changes: 77 additions & 0 deletions tests/index.test.ts
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
import { afterEach, describe, expect, it, vi } from 'vitest'
import fs from 'fs'
import laravel from '../src'
import { resolvePageComponent } from '../src/inertia-helpers';
import path from 'path';

vi.mock('fs', async () => {
const actual = await vi.importActual<typeof import('fs')>('fs')
Expand Down Expand Up @@ -449,6 +451,81 @@ describe('laravel-vite-plugin', () => {
config: { delay: 123 }
})
})

it('configures default cors.origin values', () => {
const test = (pattern: RegExp|string, value: string) => pattern instanceof RegExp ? pattern.test(value) : pattern === value
fs.writeFileSync(path.join(__dirname, '.env'), 'APP_URL=http://example.com')

const plugins = laravel({
input: 'resources/js/app.js',
})
const resolvedConfig = plugins[0].config({ envDir: __dirname }, {
mode: '',
command: 'serve'
})

// Allowed origins...
expect([
// localhost
'http://localhost',
'https://localhost',
'http://localhost:8080',
'https://localhost:8080',
// 127.0.0.1
'http://127.0.0.1',
'https://127.0.0.1',
'http://127.0.0.1:8000',
'https://127.0.0.1:8000',
// *.test
'http://laravel.test',
'https://laravel.test',
'http://laravel.test:8000',
'https://laravel.test:8000',
'http://my-app.test',
'https://my-app.test',
'http://my-app.test:8000',
'https://my-app.test:8000',
'https://my-app.test:8',
// APP_URL
'http://example.com',
'https://subdomain.my-app.test',
].some((url) => resolvedConfig.server.cors.origin.some((regex) => test(regex, url)))).toBe(true)
// Disallowed origins...
expect([
'http://laravel.com',
'https://laravel.com',
'http://laravel.com:8000',
'https://laravel.com:8000',
'http://128.0.0.1',
'https://128.0.0.1',
'http://128.0.0.1:8000',
'https://128.0.0.1:8000',
'https://example.com',
'http://example.com:8000',
'https://example.com:8000',
'http://exampletest',
'http://example.test:',
].some((url) => resolvedConfig.server.cors.origin.some((regex) => test(regex, url)))).toBe(false)

fs.rmSync(path.join(__dirname, '.env'))
})

it("respects the user's server.cors config", () => {
const plugins = laravel({
input: 'resources/js/app.js',
})
const resolvedConfig = plugins[0].config({
envDir: __dirname,
server: {
cors: true,
}
}, {
mode: '',
command: 'serve'
})

expect(resolvedConfig.server.cors).toBe(true)
})
})

describe('inertia-helpers', () => {
Expand Down

0 comments on commit b3a3abf

Please sign in to comment.