// Copyright (C) 2017  Norman Breau
 
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
 
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
 
// You should have received a copy of the GNU General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
import {Middleware} from './Middleware';
import {Request} from './Request';
import {Response} from './Response';
import {IRequestResponse} from './IRequestResponse';
import {getInstance} from './instance';
 
/**
 * CORSMiddleware is used to enable CORS on APIs.
 * It automatically adds the response headers needed to
 * communicate with CORS-enabled clients.
 */
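export class CORSMiddleware extends Middleware {
    // Fixed origin to advertise; a falsy value means "reflect the request's Origin header".
    private _allowedOrigin: string;
    // Request header names advertised in Access-Control-Allow-Headers.
    private _allowedHeaders: Array<string>;
    // HTTP methods advertised in Access-Control-Allow-Methods.
    private _allowedMethods: Array<string>;

    /**
     * @constructor
     * @param allowedOrigin     The allowed origin. When omitted (or empty), the request's
     *                          Origin header is echoed back, which allows every origin.
     *                          Pass an explicit origin for APIs that must be restricted.
     * @param allowedHeaders    Array of allowed headers. Defaults to getDefaultAllowedHeaders().
     * @param allowedMethods    Array of allowed HTTP methods. Defaults to getDefaultAllowedMethods().
     */
    public constructor(allowedOrigin?: string, allowedHeaders?: Array<string>, allowedMethods?: Array<string>) {
        super();

        // Any falsy argument (undefined, null, '') falls back to the matching default.
        this._allowedOrigin = allowedOrigin || this.getDefaultAllowedOrigin();
        this._allowedHeaders = allowedHeaders || this.getDefaultAllowedHeaders();
        this._allowedMethods = allowedMethods || this.getDefaultAllowedMethods();
    }

    /**
     * Returns the default allowed origin.
     *
     * The default is null, meaning no fixed origin is configured and execute()
     * echoes the request's Origin header instead. That is equivalent to allowing
     * any origin to read responses; this middleware does not set
     * Access-Control-Allow-Credentials.
     *
     * @returns null (no fixed origin).
     */
    public getDefaultAllowedOrigin(): string {
        return null;
    }

    /**
     * Returns the request headers allowed by default.
     *
     * @returns The default header names, including the authentication header
     *          name read from the instance configuration.
     */
    public getDefaultAllowedHeaders(): Array<string> {
        return [
            'Accept',
            getInstance().getConfig().authentication_header,
            'X-Requested-With',
            'Content-Type',
            // NOTE(review): this is a response header, not a request header. It is kept
            // unchanged here, presumably to tolerate clients that send it; confirm.
            'Access-Control-Allow-Origin'
        ];
    }

    /**
     * Returns the HTTP methods allowed by default.
     *
     * @returns The default method names.
     */
    public getDefaultAllowedMethods(): Array<string> {
        return [
            'GET',
            'POST',
            'HEAD',
            'OPTIONS',
            'DELETE',
            'PUT'
        ];
    }

    /**
     * Adds the CORS response headers and passes the request/response pair on.
     *
     * @param request   The incoming request; its Origin header is read only when
     *                  no fixed origin is configured.
     * @param response  The response that receives the CORS headers.
     * @returns A resolved promise carrying the same request and response objects.
     */
    public execute(request: Request, response: Response): Promise<IRequestResponse> {
        if (this._allowedOrigin) {
            response.setHeader('Access-Control-Allow-Origin', this._allowedOrigin);
        }
        else {
            // No fixed origin configured: echo the caller's Origin. Requests that are not
            // cross-origin (or do not come from a browser) may carry no Origin header, so
            // skip the header rather than emit an empty or undefined value.
            const requestOrigin = request.getHeader('Origin');
            if (requestOrigin) {
                response.setHeader('Access-Control-Allow-Origin', requestOrigin);
            }
        }
        response.setHeader('Access-Control-Allow-Headers', this._allowedHeaders.join(', '));
        response.setHeader('Access-Control-Allow-Methods', this._allowedMethods.join(', '));
        // The Allow-Origin value can differ per request Origin, so caches must key on it.
        response.setHeader('Vary', 'Origin');
        return Promise.resolve({
            request,
            response
        });
    }
}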