UNPKG

@themost/web/handlers/cors.js

Version:

3.3 kBJavaScriptView Raw

1/**
* jshint es5:true
*/
4/**
* MOST Web Framework
* A JavaScript Web Framework
* http://themost.io
*
* Copyright (c) 2014, Kyriakos Barbounakis k.barbounakis@gmail.com, Anthi Oikonomou anthioikonomou@gmail.com
*
* Released under the BSD3-Clause license
* Date: 2017-11-20
*/
14/**
* @class
* @constructor
* @implements PostMapRequestHandler
*/
19function CorsHandler() {
20
21}
22
23/**
* @param {HttpContext} context
* @param {Function} callback
*/
27CorsHandler.prototype.postMapRequest = function(context, callback) {
28
  var allowCredentials = true;
  var allowOrigin = "*";
  var allowHeaders = "Origin, X-Requested-With, Content-Type, Content-Language, Accept, Accept-Language, Authorization";
  var allowMethods = "GET, OPTIONS, PUT, POST, PATCH, DELETE";
  /**
   * @private
   * @type {{allowOrigin:string,allowHeaders:string,allowCredentials:Boolean,allowMethods:string,allow:string}|*}
   */
  var route = context.request.route;
  if (route) {
      if (typeof route.allowOrigin !== 'undefined')
          allowOrigin = route.allowOrigin;
      if (typeof route.allowHeaders !== 'undefined')
          allowHeaders = route.allowHeaders;
      if (typeof route.allowCredentials !== 'undefined')
          allowCredentials = route.allowCredentials;
      if ((typeof route.allowMethods !== 'undefined') || (typeof route.allow !== 'undefined'))
          allowMethods = route.allow || route.allowMethods;
  }
  //ensure header names
  var headerNames = context.response["_headerNames"] || { };
  //1. Access-Control-Allow-Origin
  if (typeof headerNames["access-control-allow-origin"] === 'undefined') {
      //if request contains origin header
      if (context.request.headers.origin) {
          if (allowOrigin === "*") {
              //set access-control-allow-origin header equal to request origin header
              context.response.setHeader("Access-Control-Allow-Origin", context.request.headers.origin);
          }
          else if (allowOrigin.indexOf(context.request.headers.origin)>-1) {
              context.response.setHeader("Access-Control-Allow-Origin", context.request.headers.origin);
          }
      }
      else {
          //set access-control-allow-origin header equal to the predefined origin header
          context.response.setHeader("Access-Control-Allow-Origin", "*");
      }
  }
  //2. Access-Control-Allow-Credentials
  if (typeof headerNames["access-control-allow-credentials"] === 'undefined') {
      context.response.setHeader("Access-Control-Allow-Credentials", allowCredentials);
  }
71
  //3. Access-Control-Allow-Headers
  if (typeof headerNames["access-control-allow-headers"] === 'undefined') {
      context.response.setHeader("Access-Control-Allow-Headers", allowHeaders);
  }
76
  //4. Access-Control-Allow-Methods
  if (typeof headerNames["access-control-allow-methods"] === 'undefined') {
      context.response.setHeader("Access-Control-Allow-Methods", allowMethods);
  }
  return callback();
82};
83
84CorsHandler.createInstance = function() {
  return new CorsHandler();
86};
87
88
89if (typeof module !== 'undefined') {
  module.exports.CorsHandler = CorsHandler.CorsHandler;
  module.exports.createInstance = CorsHandler.createInstance;
92}
\No newline at end of file

1	`/**`
2	`* jshint es5:true`
3	`*/`
4	`/**`
5	`* MOST Web Framework`
6	`* A JavaScript Web Framework`
7	`* http://themost.io`
8	`*`
9	`* Copyright (c) 2014, Kyriakos Barbounakis k.barbounakis@gmail.com, Anthi Oikonomou anthioikonomou@gmail.com`
10	`*`
11	`* Released under the BSD3-Clause license`
12	`* Date: 2017-11-20`
13	`*/`
14	`/**`
15	`* @class`
16	`* @constructor`
17	`* @implements PostMapRequestHandler`
18	`*/`
19	`function CorsHandler() {`
20
21	`}`
22
23	`/**`
24	`* @param {HttpContext} context`
25	`* @param {Function} callback`
26	`*/`
27	`CorsHandler.prototype.postMapRequest = function(context, callback) {`
28
29	`var allowCredentials = true;`
30	`var allowOrigin = "*";`
31	`var allowHeaders = "Origin, X-Requested-With, Content-Type, Content-Language, Accept, Accept-Language, Authorization";`
32	`var allowMethods = "GET, OPTIONS, PUT, POST, PATCH, DELETE";`
33	`/**`
34	`* @private`
35	`* @type {{allowOrigin:string,allowHeaders:string,allowCredentials:Boolean,allowMethods:string,allow:string}\|*}`
36	`*/`
37	`var route = context.request.route;`
38	`if (route) {`
39	`if (typeof route.allowOrigin !== 'undefined')`
40	`allowOrigin = route.allowOrigin;`
41	`if (typeof route.allowHeaders !== 'undefined')`
42	`allowHeaders = route.allowHeaders;`
43	`if (typeof route.allowCredentials !== 'undefined')`
44	`allowCredentials = route.allowCredentials;`
45	`if ((typeof route.allowMethods !== 'undefined') \|\| (typeof route.allow !== 'undefined'))`
46	`allowMethods = route.allow \|\| route.allowMethods;`
47	`}`
48	`//ensure header names`
49	`var headerNames = context.response["_headerNames"] \|\| { };`
50	`//1. Access-Control-Allow-Origin`
51	`if (typeof headerNames["access-control-allow-origin"] === 'undefined') {`
52	`//if request contains origin header`
53	`if (context.request.headers.origin) {`
54	`if (allowOrigin === "*") {`
55	`//set access-control-allow-origin header equal to request origin header`
56	`context.response.setHeader("Access-Control-Allow-Origin", context.request.headers.origin);`
57	`}`
58	`else if (allowOrigin.indexOf(context.request.headers.origin)>-1) {`
59	`context.response.setHeader("Access-Control-Allow-Origin", context.request.headers.origin);`
60	`}`
61	`}`
62	`else {`
63	`//set access-control-allow-origin header equal to the predefined origin header`
64	`context.response.setHeader("Access-Control-Allow-Origin", "*");`
65	`}`
66	`}`
67	`//2. Access-Control-Allow-Credentials`
68	`if (typeof headerNames["access-control-allow-credentials"] === 'undefined') {`
69	`context.response.setHeader("Access-Control-Allow-Credentials", allowCredentials);`
70	`}`
71
72	`//3. Access-Control-Allow-Headers`
73	`if (typeof headerNames["access-control-allow-headers"] === 'undefined') {`
74	`context.response.setHeader("Access-Control-Allow-Headers", allowHeaders);`
75	`}`
76
77	`//4. Access-Control-Allow-Methods`
78	`if (typeof headerNames["access-control-allow-methods"] === 'undefined') {`
79	`context.response.setHeader("Access-Control-Allow-Methods", allowMethods);`
80	`}`
81	`return callback();`
82	`};`
83
84	`CorsHandler.createInstance = function() {`
85	`return new CorsHandler();`
86	`};`
87
88
89	`if (typeof module !== 'undefined') {`
90	`module.exports.CorsHandler = CorsHandler.CorsHandler;`
91	`module.exports.createInstance = CorsHandler.createInstance;`
92	`}`
\	No newline at end of file