feat: add allowHeaders to Options (#6044)

* feat: add allowHeaders to Options This allows developers to use custom headers in their API requests, and they will be accepted by their mounted app. * refactor: convert allowCrossDomain to generator to add appId in scope This is necessary as the middleware may run in OPTIONS request that do not contain the appId within the header. * chore: update Definitions and docs * fix: update test to use new allowCrossDomain params * chore: add tests for allowCustomDomain middleware re: allowHeadrs
2019-09-12 22:03:57 +01:00
parent 1361bb3020
commit eef530b1e3
7 changed files with 113 additions and 25 deletions
--- a/spec/Middlewares.spec.js
+++ b/spec/Middlewares.spec.js
@@ -298,10 +298,62 @@ describe('middlewares', () => {
        headers[key] = value;
      },
    };
-    middlewares.allowCrossDomain({}, res, () => {});
+    const allowCrossDomain = middlewares.allowCrossDomain(
+      fakeReq.body._ApplicationId
+    );
+    allowCrossDomain(fakeReq, res, () => {});
    expect(Object.keys(headers).length).toBe(4);
    expect(headers['Access-Control-Expose-Headers']).toBe(
      'X-Parse-Job-Status-Id, X-Parse-Push-Status-Id'
    );
  });
+
+  it('should set default Access-Control-Allow-Headers if allowHeaders are empty', () => {
+    AppCache.put(fakeReq.body._ApplicationId, {
+      allowHeaders: undefined,
+    });
+    const headers = {};
+    const res = {
+      header: (key, value) => {
+        headers[key] = value;
+      },
+    };
+    const allowCrossDomain = middlewares.allowCrossDomain(
+      fakeReq.body._ApplicationId
+    );
+    allowCrossDomain(fakeReq, res, () => {});
+    expect(headers['Access-Control-Allow-Headers']).toContain(
+      middlewares.DEFAULT_ALLOWED_HEADERS
+    );
+
+    AppCache.put(fakeReq.body._ApplicationId, {
+      allowHeaders: [],
+    });
+    allowCrossDomain(fakeReq, res, () => {});
+    expect(headers['Access-Control-Allow-Headers']).toContain(
+      middlewares.DEFAULT_ALLOWED_HEADERS
+    );
+  });
+
+  it('should append custom headers to Access-Control-Allow-Headers if allowHeaders provided', () => {
+    AppCache.put(fakeReq.body._ApplicationId, {
+      allowHeaders: ['Header-1', 'Header-2'],
+    });
+    const headers = {};
+    const res = {
+      header: (key, value) => {
+        headers[key] = value;
+      },
+    };
+    const allowCrossDomain = middlewares.allowCrossDomain(
+      fakeReq.body._ApplicationId
+    );
+    allowCrossDomain(fakeReq, res, () => {});
+    expect(headers['Access-Control-Allow-Headers']).toContain(
+      'Header-1, Header-2'
+    );
+    expect(headers['Access-Control-Allow-Headers']).toContain(
+      middlewares.DEFAULT_ALLOWED_HEADERS
+    );
+  });
 });