mrpastewart/platform
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
platform/lib/angel_cors.dart
thosakwe 2137470d79 Failing, but...
2016-12-04 21:16:54 -05:00

77 lines
2.2 KiB
Dart
Raw Blame History

/// Angel CORS middleware.
library angel_cors;
import 'package:angel_framework/angel_framework.dart';
import 'src/cors_options.dart';
export 'src/cors_options.dart';
/// Determines if a request origin is CORS-able.
typedef bool CorsFilter(String origin);
bool _isOriginAllowed(String origin, allowedOrigin) {
if (allowedOrigin is List) {
return allowedOrigin.any((x) => _isOriginAllowed(origin, x));
} else if (allowedOrigin is String) {
return origin == allowedOrigin;
} else if (allowedOrigin is RegExp) {
return allowedOrigin.hasMatch(origin);
} else if (allowedOrigin is CorsFilter) {
return allowedOrigin(origin);
} else {
return allowedOrigin != false;
}
}
/// Applies the given [CorsOptions].
RequestMiddleware cors([CorsOptions options]) {
final opts = options ?? new CorsOptions();
return (RequestContext req, ResponseContext res) async {
// Access-Control-Allow-Credentials
if (opts.credentials == true) {
res.header('Access-Control-Allow-Credentials', 'true');
}
// Access-Control-Allow-Headers
if (opts.allowedHeaders.isNotEmpty) {
res.header('Access-Control-Allow-Headers', opts.allowedHeaders.join(','));
}
// Access-Control-Expose-Headers
if (opts.exposedHeaders.isNotEmpty) {
res.header(
'Access-Control-Expose-Headers', opts.exposedHeaders.join(','));
}
// Access-Control-Allow-Methods
if (opts.methods.isNotEmpty) {
res.header('Access-Control-Allow-Methods', opts.methods.join(','));
}
// Access-Control-Max-Age
if (opts.maxAge != null) {
res.header('Access-Control-Max-Age', opts.maxAge.toString());
}
// Access-Control-Allow-Origin
if (opts.origin == false || opts.origin == '*') {
res.header('Access-Control-Allow-Origin', '*');
} else if (opts.origin is String) {
res
..header('Access-Control-Allow-Origin', opts.origin)
..header('Vary', 'Origin');
} else {
bool isAllowed =
_isOriginAllowed(req.headers.value('Origin'), opts.origin);
res.header('Access-Control-Allow-Origin',
isAllowed ? req.headers.value('Origin') : false.toString());
if (isAllowed) {
res.header('Vary', 'Origin');
}
}
return true;
};
}
Reference in a new issue View git blame Copy permalink