omit access-control-allow-credentials header when not explicitly activated

wildhaber 2019-11-21 17:11:32 +01:00
parent 05eec837ec
commit 0d3e1eb588
3 changed files with 9 additions and 5 deletions


@ -30,9 +30,13 @@ module.exports = {
'Access-Control-Allow-Origin': `'${origin}'`,
'Access-Control-Allow-Headers': `'${config.headers.join(',')}'`,
'Access-Control-Allow-Methods': `'${config.methods.join(',')}'`,
'Access-Control-Allow-Credentials': `'${config.allowCredentials}'`,
};
// Only set Access-Control-Allow-Credentials when explicitly allowed (omit if false)
if(config.allowCredentials === true) {
preflightHeaders['Access-Control-Allow-Credentials'] = `'${config.allowCredentials}'`;
}
// Enable CORS Max Age usage if set
if (_.has(config, 'maxAge')) {
if (_.isInteger(config.maxAge) && config.maxAge > 0) {
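Review bot: The guard `if(config.allowCredentials === true)` matches only the boolean, so a setting that reaches this code as the string `'true'` now drops the header without any message, where the removed template-literal line would have emitted `'true'`. If non-boolean values can arrive here (not visible in this hunk), either normalise them before the check or reject them with a configuration error, so that a credentialed endpoint does not silently stop working. Inside the guard the value is known, so the assignment can be the literal `preflightHeaders['Access-Control-Allow-Credentials'] = "'true'";`, and `if (` with a space would match the `if (_.has(config, 'maxAge'))` line below. The enclosing function starts and ends outside the hunk, so how `origin` is derived, and whether a wildcard origin is refused when credentials are enabled, cannot be checked from here.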


@ -157,7 +157,7 @@ describe('#compileCors()', () => {
awsCompileApigEvents.serverless.service.provider.compiledCloudFormationTemplate.Resources
.ApiGatewayMethodUsersUpdateOptions.Properties.Integration.IntegrationResponses[0]
.ResponseParameters['method.response.header.Access-Control-Allow-Credentials']
).to.equal("'false'");
).to.equal(undefined);
expect(
awsCompileApigEvents.serverless.service.provider.compiledCloudFormationTemplate.Resources
@ -194,7 +194,7 @@ describe('#compileCors()', () => {
awsCompileApigEvents.serverless.service.provider.compiledCloudFormationTemplate.Resources
.ApiGatewayMethodUsersDeleteOptions.Properties.Integration.IntegrationResponses[0]
.ResponseParameters['method.response.header.Access-Control-Allow-Credentials']
).to.equal("'false'");
).to.equal(undefined);
expect(
awsCompileApigEvents.serverless.service.provider.compiledCloudFormationTemplate.Resources
@ -233,7 +233,7 @@ describe('#compileCors()', () => {
awsCompileApigEvents.serverless.service.provider.compiledCloudFormationTemplate.Resources
.ApiGatewayMethodUsersAnyOptions.Properties.Integration.IntegrationResponses[0]
.ResponseParameters['method.response.header.Access-Control-Allow-Credentials']
).to.equal("'false'");
).to.equal(undefined);
});
});
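Review bot: The three updated assertions cover only the case where credentials are off; none of the visible hunks asserts that `allowCredentials: true` still yields `"'true'"`, which is the branch the new guard protects. If no such case exists elsewhere in `#compileCors()` (the hunks show only part of the test), add one alongside these. For the omitted case, `expect(...ResponseParameters).to.not.have.property('method.response.header.Access-Control-Allow-Credentials')` states the intent (key absent) more directly than `.to.equal(undefined)`.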


@ -117,7 +117,7 @@ describe('AWS - API Gateway Integration Test', function() {
].join(',');
expect(headers.get('access-control-allow-headers')).to.equal(allowHeaders);
expect(headers.get('access-control-allow-methods')).to.equal('OPTIONS,GET');
expect(headers.get('access-control-allow-credentials')).to.equal('false');
expect(headers.get('access-control-allow-credentials')).to.equal(null);
// TODO: for some reason this test fails for now...
// expect(headers.get('access-control-allow-origin')).to.equal('*');
});