Skip to content

Cors support #514

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Prinzhorn wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Cors support #514

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
a080376
added tests for cors
Nov 20, 2015
0815f28
implemented cors support
Nov 20, 2015
256701c
make the non-cors test actually test something
Nov 20, 2015
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 14 additions & 1 deletion bin/harp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -78,13 +78,26 @@ program
.command("server [path]")
.option("-i, --ip <ip>", "Specify IP to bind to")
.option("-p, --port <port>", "Specify a port to listen on")
.option("-c, --cors <origin(s)>", "Specify a comma separated list of origins or \"*\" for all")
.usage("starts a Harp server in current directory, or in the specified directory.")
.description("Start a Harp server in current directory")
.action(function(path, program){
var projectPath = nodePath.resolve(process.cwd(), path || "")
var ip = program.ip || '0.0.0.0'
var port = program.port || 9000
harp.server(projectPath, { ip: ip, port: port }, function(){
var cors

if(!program.cors) {
cors = false;
} else if(program.cors === '*') {
cors = true;
} else {
cors = program.cors.split(',').map(function(domain) {
return domain.trim()
})
}

harp.server(projectPath, { ip: ip, port: port, cors: cors }, function(){
var address = ''
if(ip == '0.0.0.0' || ip == '127.0.0.1') {
address = 'localhost'
Expand Down
6 changes: 6 additions & 0 deletions lib/index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ var terraform = require('terraform')
var async = require('async')
var connect = require('connect')
var mime = require('mime')
var cors = require('cors')
var helpers = require('./helpers')
var middleware = require('./middleware')
var pkg = require('../package.json')
Expand All @@ -21,6 +22,11 @@ exports.server = function(dirPath, options, callback){
app.use(middleware.regProjectFinder(dirPath))
app.use(middleware.setup)
app.use(middleware.basicAuth)

if(options.cors) {
app.use(cors({origin: options.cors}))
}

app.use(middleware.underscore)
app.use(middleware.mwl)
app.use(middleware.static)
Expand Down
1 change: 1 addition & 0 deletions package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@
"async": "0.2.9",
"commander": "2.0.0",
"connect": "2.30.2",
"cors": "2.7.1",
"download-github-repo": "0.1.3",
"envy-json": "0.2.1",
"escape-html": "1.0.3",
Expand Down
Empty file added test/apps/cors/cors.txt
View file
Open in desktop
Empty file.
112 changes: 112 additions & 0 deletions test/cors.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,112 @@
var should = require("should")
var request = require('request')
var path = require("path")
var harp = require("../")

describe("cors", function(){

describe("no-cors", function(){
var projectPath = path.join(__dirname, "apps/cors")
var port = 8120

before(function(done){
harp.server(projectPath, { port: port }, done);
})

it("should not allow access at all", function(done){
var options = {
url: 'http://localhost:'+ port +'/cors.txt',
headers: {
Origin: 'http://some.random.origin'
}
}

request(options, function (e, r, b) {
r.statusCode.should.eql(200)
r.headers.should.not.have.property("access-control-allow-origin")
done()
})
})
})

describe("wildcard", function(){
var projectPath = path.join(__dirname, "apps/cors")
var port = 8121
var cors = true

before(function(done){
harp.server(projectPath, { port: port, cors: cors }, done);
})

it("should allow access from every origin", function(done){
var options = {
url: 'http://localhost:'+ port +'/cors.txt',
headers: {
Origin: 'http://some.random.origin'
}
}

request(options, function (e, r, b) {
r.statusCode.should.eql(200)
r.headers.should.have.property("access-control-allow-origin", "http://some.random.origin")
done()
})
})
})

describe("specific-domains", function(){
var projectPath = path.join(__dirname, "apps/cors")
var port = 8122
var cors = ["http://first.allowed.origin", "http://second.allowed.origin"]

before(function(done){
harp.server(projectPath, { port: port, cors: cors }, done);
})

it("should allow access from origin http://first.allowed.origin", function(done){
var options = {
url: 'http://localhost:'+ port +'/cors.txt',
headers: {
Origin: 'http://first.allowed.origin'
}
}

request(options, function (e, r, b) {
r.statusCode.should.eql(200)
r.headers.should.have.property("access-control-allow-origin", "http://first.allowed.origin")
done()
})
})

it("should allow access from origin http://second.allowed.origin", function(done){
var options = {
url: 'http://localhost:'+ port +'/cors.txt',
headers: {
Origin: 'http://second.allowed.origin'
}
}

request(options, function (e, r, b) {
r.statusCode.should.eql(200)
r.headers.should.have.property("access-control-allow-origin", "http://second.allowed.origin")
done()
})
})

it("should prevent access from http://evil.origin", function(done){
var options = {
url: 'http://localhost:'+ port +'/cors.txt',
headers: {
Origin: 'http://evil.origin'
}
}

request(options, function (e, r, b) {
r.statusCode.should.eql(200)
r.headers.should.not.have.property("access-control-allow-origin")
done()
})
})
})

})