Skip to content

Commit

Permalink
#2941: Cors, accessControlAllowHeaders in option request (prepend pre… (
Browse files Browse the repository at this point in the history
#2943)

Co-authored-by: John A. De Goes <john@degoes.net>
  • Loading branch information
jgoday and jdegoes authored Aug 16, 2024
1 parent 3d1ef0c commit 4f94eef
Show file tree
Hide file tree
Showing 2 changed files with 67 additions and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,73 @@ object CorsSpec extends ZIOHttpSpec with HttpAppTestExtensions {
Response(Status.InternalServerError, body = Body.fromString(cause.prettyPrint))
} @@ cors(CorsConfig(allowedMethods = AccessControlAllowMethods(Method.GET)))

val appAllowAllHeaders = Routes(
Method.GET / "success" -> handler(Response.ok),
).handleErrorCause { cause =>
Response(Status.InternalServerError, body = Body.fromString(cause.prettyPrint))
} @@ cors(
CorsConfig(
allowedOrigin = { case _ =>
Some(Header.AccessControlAllowOrigin.All)
},
allowedMethods = Header.AccessControlAllowMethods.All,
allowedHeaders = Header.AccessControlAllowHeaders.All,
),
)

val appNoServerHeaders = Routes(
Method.GET / "success" -> handler(Response.ok),
).handleErrorCause { cause =>
Response(Status.InternalServerError, body = Body.fromString(cause.prettyPrint))
} @@ cors(
CorsConfig(
allowedOrigin = { case _ =>
Some(Header.AccessControlAllowOrigin.All)
},
allowedMethods = Header.AccessControlAllowMethods.All,
allowedHeaders = Header.AccessControlAllowHeaders.None,
),
)

override def spec = suite("CorsSpec")(
test("OPTIONS request with allowAllHeaders server config") {
val request =
Request
.options(URL(Path.root / "success"))
.copy(
headers = Headers(
Header.Origin("http", "test-env"),
Header.AccessControlRequestMethod(Method.GET),
),
)

for {
res <- appAllowAllHeaders.runZIO(request)
} yield assertTrue(
extractStatus(res) == Status.NoContent,
res.hasHeader(Header.AccessControlAllowCredentials.Allow),
res.hasHeader(Header.AccessControlAllowHeaders.All),
)
},
test("OPTIONS request with no headers allowed in server config") {
val request =
Request
.options(URL(Path.root / "success"))
.copy(
headers = Headers(
Header.Origin("http", "test-env"),
Header.AccessControlRequestMethod(Method.GET),
),
)

for {
res <- appNoServerHeaders.runZIO(request)
} yield assertTrue(
extractStatus(res) == Status.NoContent,
res.hasHeader(Header.AccessControlAllowCredentials.Allow),
!res.hasHeader(Header.AccessControlAllowHeaders.All),
)
},
test("OPTIONS request") {
val request = Request
.options(URL(Path.root / "success"))
Expand Down
2 changes: 1 addition & 1 deletion zio-http/shared/src/main/scala/zio/http/Middleware.scala
Original file line number Diff line number Diff line change
Expand Up @@ -170,7 +170,7 @@ object Middleware extends HandlerAspects {

new Middleware[Any] {
def apply[Env1, Err](routes: Routes[Env1, Err]): Routes[Env1, Err] =
(routes @@ aspect) :+ optionsRoute
optionsRoute +: (routes @@ aspect)
}
}

Expand Down

0 comments on commit 4f94eef

Please sign in to comment.