Skip to content

Commit

Permalink
Merge pull request mschae#15 from jer-k/multiple_origins
Browse files Browse the repository at this point in the history
Allow multiple origins to be set
  • Loading branch information
mschae committed Feb 9, 2016
2 parents 23b783f + f38943f commit 7b5dc8e
Showing 3 changed files with 34 additions and 10 deletions.
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
@@ -66,7 +66,7 @@ On `GET`, `POST`, ... requests:
You can configure the value of these headers as follows:

```elixir
plug CORSPlug, [origin: "example.com"]
plug CORSPlug, [origins: ["example.com"]]
```

Please find the list of current defaults in [cors_plug.ex](lib/cors_plug.ex#L5:L13).
14 changes: 10 additions & 4 deletions lib/cors_plug.ex
Original file line number Diff line number Diff line change
@@ -3,7 +3,7 @@ defmodule CORSPlug do

def defaults do
[
origin: "*",
origins: ["*"],
credentials: true,
max_age: 1728000,
headers: ["Authorization", "Content-Type", "Accept", "Origin",
@@ -37,19 +37,25 @@ defmodule CORSPlug do

defp headers(conn, options) do
[
{"access-control-allow-origin", origin(options[:origin], conn)},
{"access-control-allow-origin", origin(options[:origins], conn)},
{"access-control-expose-headers", origin(options[:expose], conn)},
{"access-control-allow-credentials", "#{options[:credentials]}"}
]
end

defp origin(:self, conn) do
defp origin([:self], conn) do
{_, host} =
Enum.find(conn.req_headers,
{nil, "*"},
fn({header, _val}) -> header == "origin" end)
host
end

defp origin(origin, _conn), do: origin
defp origin(["*"], _conn), do: "*"

defp origin(origins, conn) do
req_origin = get_req_header(conn, "origin") |> List.first
Enum.find(origins, fn(origin) -> origin == req_origin end)
end

end
28 changes: 23 additions & 5 deletions test/cors_plug_test.exs
Original file line number Diff line number Diff line change
@@ -2,7 +2,6 @@ defmodule CORSPlugTest do
use ExUnit.Case
use Plug.Test


test "returns the right options for regular requests" do
opts = CORSPlug.init([])
conn = conn(:get, "/")
@@ -13,8 +12,9 @@ defmodule CORSPlugTest do
end

test "lets me overwrite options" do
opts = CORSPlug.init(origin: "example.com")
conn = conn(:get, "/")
opts = CORSPlug.init(origins: ["example.com"])
conn = conn(:get, "/", nil,
headers: [{"origin", "example.com"}])

conn = CORSPlug.call(conn, opts)

@@ -42,8 +42,26 @@ defmodule CORSPlugTest do
end
end

test "origin :self returns the request host" do
opts = CORSPlug.init(origin: :self)
test "returns the origin when it is valid" do
opts = CORSPlug.init(origins: ["example1.com", "example2.com"])
conn = conn(:get, "/", nil,
headers: [{"origin", "example1.com"}])

conn = CORSPlug.call(conn, opts)
assert Enum.member? conn.resp_headers, {"access-control-allow-origin", "example1.com"}
end

test "returns nil when the origin is invalid" do
opts = CORSPlug.init(origins: ["example1.com"])
conn = conn(:get, "/", nil,
headers: [{"origin", "example2.com"}])

conn = CORSPlug.call(conn, opts)
assert Enum.member? conn.resp_headers, {"access-control-allow-origin", nil}
end

test "returns the request host when origin is :self" do
opts = CORSPlug.init(origins: [:self])
conn = conn(:get, "/", nil,
headers: [{"origin", "http://cors-plug.example"}])

0 comments on commit 7b5dc8e

Please sign in to comment.