From 97049d21620f49ab54a9f02ee331ea16a872382e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luis=20E=2E=20Gonz=C3=A1lez?= Date: Mon, 26 Jul 2021 13:34:58 -0500 Subject: [PATCH] fix: incorrect header name for CORS preflight request (#166) --- middleware/cors.ts | 6 +++--- middleware/cors_test.ts | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/middleware/cors.ts b/middleware/cors.ts index b032556..dde5705 100644 --- a/middleware/cors.ts +++ b/middleware/cors.ts @@ -72,7 +72,7 @@ export function cors({ req, ); if (isValidOrigin === false) return; - setAccessControlRequestMethods(methods, req); + setAccessControlRequestMethod(methods, req); setAccessControlRequestHeaders(allowedHeaders, req); setAcessControlExposeHeaders(exposedHeaders, req); @@ -128,8 +128,8 @@ function setAccessControlAllowOrigin( } } -function setAccessControlRequestMethods(methods: string[], req: ServerRequest) { - const requestMethods = req.headers.get("access-control-request-methods"); +function setAccessControlRequestMethod(methods: string[], req: ServerRequest) { + const requestMethods = req.headers.get("access-control-request-method"); if (requestMethods && methods.length > 0) { const list = requestMethods.split(",").map((v) => v.trim()); const allowed = list.filter((v) => methods.includes(v)); diff --git a/middleware/cors_test.ts b/middleware/cors_test.ts index 34d9a91..494737a 100644 --- a/middleware/cors_test.ts +++ b/middleware/cors_test.ts @@ -9,7 +9,7 @@ group("cors", (t) => { method: "OPTIONS", headers: new Headers({ "origin": "https://servestjs.org", - "access-control-request-methods": "GET,HEAD,POST", + "access-control-request-method": "GET", "access-control-request-headers": "x-servest-version", }), }); @@ -30,7 +30,7 @@ group("cors", (t) => { ); assertEquals( resp.headers.get("access-control-allow-methods"), - "GET, HEAD", + "GET", ); assertEquals( resp.headers.get("access-control-allow-headers"),