diff --git a/lib/angel_cors.dart b/lib/angel_cors.dart index 3c0e14df..d2fec8a1 100644 --- a/lib/angel_cors.dart +++ b/lib/angel_cors.dart @@ -26,6 +26,15 @@ bool _isOriginAllowed(String origin, allowedOrigin) { RequestMiddleware cors([CorsOptions options]) { final opts = options ?? new CorsOptions(); + /* + print(opts.credentials); + print(opts.allowedHeaders); + print(opts.methods); + print(opts.exposedHeaders); + print(opts.maxAge); + print(opts.origin); + */ + return (RequestContext req, ResponseContext res) async { // Access-Control-Allow-Credentials if (opts.credentials == true) { @@ -35,6 +44,9 @@ RequestMiddleware cors([CorsOptions options]) { // Access-Control-Allow-Headers if (opts.allowedHeaders.isNotEmpty) { res.header('Access-Control-Allow-Headers', opts.allowedHeaders.join(',')); + } else { + res.header('Access-Control-Allow-Headers', + req.headers.value('Access-Control-Allow-Headers')); } // Access-Control-Expose-Headers diff --git a/lib/src/cors_options.dart b/lib/src/cors_options.dart index ed6677fa..f8bce33a 100644 --- a/lib/src/cors_options.dart +++ b/lib/src/cors_options.dart @@ -55,7 +55,7 @@ class CorsOptions { 'PUT', 'PATCH', 'POST', - 'DELETE˝' + 'DELETE' ], this.origin: '*', this.preflightContinue: false, diff --git a/test/basic_test.dart b/test/basic_test.dart index 6d3fc1f8..481b930e 100644 --- a/test/basic_test.dart +++ b/test/basic_test.dart @@ -14,9 +14,11 @@ main() { app = new Angel() ..before.add(cors()) ..post('/', (req, res) async { - return res - ..write('hello world') - ..end(); + res.write('hello world'); + return false; + }) + ..all('*', () { + throw new AngelHttpException.NotFound(); }); server = await app.startServer(); @@ -34,6 +36,8 @@ main() { test('POST works', () async { final response = await client.post(url); expect(response.statusCode, equals(200)); + print('Response: ${response.body}'); + print('Headers: ${response.headers}'); expect(response.headers['access-control-allow-origin'], equals('*')); }); }