fix: incorrect header name for CORS preflight request (#166)

keroxp · Jul 26, 2021 · 97049d2 · 97049d2
1 parent 2e04fe1
commit 97049d2
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 5 deletions.
diff --git a/middleware/cors.ts b/middleware/cors.ts
@@ -72,7 +72,7 @@ export function cors({
         req,
       );
       if (isValidOrigin === false) return;
-      setAccessControlRequestMethods(methods, req);
+      setAccessControlRequestMethod(methods, req);
       setAccessControlRequestHeaders(allowedHeaders, req);
       setAcessControlExposeHeaders(exposedHeaders, req);
 
@@ -128,8 +128,8 @@ function setAccessControlAllowOrigin(
   }
 }
 
-function setAccessControlRequestMethods(methods: string[], req: ServerRequest) {
-  const requestMethods = req.headers.get("access-control-request-methods");
+function setAccessControlRequestMethod(methods: string[], req: ServerRequest) {
+  const requestMethods = req.headers.get("access-control-request-method");
   if (requestMethods && methods.length > 0) {
     const list = requestMethods.split(",").map((v) => v.trim());
     const allowed = list.filter((v) => methods.includes(v));

diff --git a/middleware/cors_test.ts b/middleware/cors_test.ts
@@ -9,7 +9,7 @@ group("cors", (t) => {
       method: "OPTIONS",
       headers: new Headers({
         "origin": "https://servestjs.org",
-        "access-control-request-methods": "GET,HEAD,POST",
+        "access-control-request-method": "GET",
         "access-control-request-headers": "x-servest-version",
       }),
     });
@@ -30,7 +30,7 @@ group("cors", (t) => {
     );
     assertEquals(
       resp.headers.get("access-control-allow-methods"),
-      "GET, HEAD",
+      "GET",
     );
     assertEquals(
       resp.headers.get("access-control-allow-headers"),