Allow array of matching conditions as options.origin

gagangupt16 · May 28, 2015 · e64e854 · e64e854
1 parent be55bc5
commit e64e854
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 13 deletions.
diff --git a/lib/index.js b/lib/index.js
@@ -13,32 +13,53 @@
     };
 
   function varyHeadersOn(vary, headers) {
-      headers = Array.isArray(headers) ? headers.slice(0) : [headers];
       vary = Array.isArray(vary) ? vary : [vary];
+      headers = Array.isArray(headers) ? headers.slice(0) : [headers];
       for (var i = 0; i < vary.length; ++i)
-          headers.push({ key: 'Vary', value: vary[i] });
+        headers.push({ key: 'Vary', value: vary[i] });
       return headers;
   }
+
+  function isString(what) {
+    return typeof what === 'string' || what instanceof String;
+  }
+
+  function matchOrigin(origin, check) {
+    if (Array.isArray(check)) {
+      for (var i = 0; i < check.length; ++i) {
+        if (matchOrigin(origin, check[i]))
+          return true;
+      }
+      return false;
+    } else if (isString(check)) {
+      return origin === check;
+    } else if (check instanceof RegExp) {
+      return check.test(origin);
+    } else {
+      return !!check;
+    }
+  }
 
   function configureOrigin(options, req) {
     var origin = req.headers.origin;
     if (!options.origin || options.origin === '*') {
+      // allow any origin
       return {
         key: 'Access-Control-Allow-Origin',
         value: '*'
       };
+    } else if (isString(options.origin)) {
+      // fixed origin
+      return varyHeadersOn('Origin', {
+        key: 'Access-Control-Allow-Origin',
+        value: options.origin
+      });
     } else {
-      if (options.origin instanceof RegExp) {
-        return varyHeadersOn('Origin', {
-            key: 'Access-Control-Allow-Origin',
-            value: options.origin.test(origin) ? origin : false
-        });
-      } else {
-        return varyHeadersOn('Origin', {
-            key: 'Access-Control-Allow-Origin',
-            value: options.origin === true ? origin : options.origin
-        });
-      }
+      // reflect origin
+      return varyHeadersOn('Origin', {
+        key: 'Access-Control-Allow-Origin',
+        value: matchOrigin(origin, options.origin) ? origin : false
+      });
     }
   }
 

diff --git a/test/cors.js b/test/cors.js
@@ -193,6 +193,19 @@
         cors(options)(req, res, function(err) {
           should.not.exist(err);
           res.getHeader('Access-Control-Allow-Origin').should.equal(req.headers.origin);
+          res.getHeader('Vary').should.equal('Origin');
+          return done();
+        });
+      });
+
+      it('matches request origin against array of origin checks', function(done) {
+        var req = fakeRequest();
+        var res = fakeResponse();
+        var options = { origin: [ /foo\.com$/, 'request.com' ] };
+        cors(options)(req, res, function(err) {
+          should.not.exist(err);
+          res.getHeader('Access-Control-Allow-Origin').should.equal(req.headers.origin);
+          res.getHeader('Vary').should.equal('Origin');
           return done();
         });
       });