verdnatura-mirror
/
loopback-component-explorer
mirror of https://github.com/strongloop/loopback-component-explorer.git
0
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Deprecate built-in CORS middleware 

Push the responsibility of enabling/configuring CORS back to the
application developer.
This commit is contained in:
Miroslav Bajtoš 2016-09-21 11:08:49 +02:00
parent 72aced6500
commit d78f1344e2
3 changed files with 26 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
index.js
View File

@ -12,6 +12,7 @@ var g = SG();
/*! /*!
* Adds dynamically-updated docs as /explorer * Adds dynamically-updated docs as /explorer
*/ */
var deprecated = require('depd')('loopback-explorer');
var url = require('url'); var url = require('url');
var path = require('path'); var path = require('path');
var urlJoin = require('./lib/url-join'); var urlJoin = require('./lib/url-join');
@ -133,9 +134,19 @@ function mountSwagger(loopbackApplication, swaggerApp, opts) {
} }
function setupCors(swaggerApp, remotes) { function setupCors(swaggerApp, remotes) {
var corsOptions = remotes.options && remotes.options.cors || var corsOptions = remotes.options && remotes.options.cors;
{ origin: true, credentials: true }; if (corsOptions === false)
return;
deprecated(g.f(
'The built-in CORS middleware provided by loopback-component-explorer ' +
'was deprecated. See %s for more details.',
'https://docs.strongloop.com/display/public/LB/Security+considerations'
));
if (corsOptions === undefined) {
corsOptions = { origin: true, credentials: true };
}
// TODO(bajtos) Skip CORS when remotes.options.cors === false
swaggerApp.use(cors(corsOptions)); swaggerApp.use(cors(corsOptions));
} }

1
package.json
View File

@ -34,6 +34,7 @@
"dependencies": { "dependencies": {
"cors": "^2.7.1", "cors": "^2.7.1",
"debug": "^2.2.0", "debug": "^2.2.0",
"depd": "^1.1.0",
"lodash": "^3.10.0", "lodash": "^3.10.0",
"loopback-swagger": "^2.1.0", "loopback-swagger": "^2.1.0",
"strong-globalize": "^2.6.2", "strong-globalize": "^2.6.2",

12
test/explorer.test.js
View File

@ -87,6 +87,7 @@ describe('explorer', function() {
it('should serve correct swagger-ui config', function(done) { it('should serve correct swagger-ui config', function(done) {
var app = loopback(); var app = loopback();
app.set('restApiRoot', '/rest-api-root'); app.set('restApiRoot', '/rest-api-root');
app.set('remoting', { cors: false });
configureRestApiAndExplorer(app); configureRestApiAndExplorer(app);
request(app) request(app)
@ -108,6 +109,7 @@ describe('explorer', function() {
// if the basePath ends with a slash too, an incorrect URL is produced // if the basePath ends with a slash too, an incorrect URL is produced
var app = loopback(); var app = loopback();
app.set('restApiRoot', '/apis/'); app.set('restApiRoot', '/apis/');
app.set('remoting', { cors: false });
configureRestApiAndExplorer(app); configureRestApiAndExplorer(app);
request(app) request(app)
@ -129,6 +131,7 @@ describe('explorer', function() {
var app; var app;
beforeEach(function setupExplorerWithUiDirs() { beforeEach(function setupExplorerWithUiDirs() {
app = loopback(); app = loopback();
app.set('remoting', { cors: false });
explorer(app, { explorer(app, {
uiDirs: [path.resolve(__dirname, 'fixtures', 'dummy-swagger-ui')], uiDirs: [path.resolve(__dirname, 'fixtures', 'dummy-swagger-ui')],
}); });
@ -160,6 +163,7 @@ describe('explorer', function() {
var app; var app;
beforeEach(function setupExplorerWithoutUI() { beforeEach(function setupExplorerWithoutUI() {
app = loopback(); app = loopback();
app.set('remoting', { cors: false });
explorer(app, { explorer(app, {
swaggerUI: false, swaggerUI: false,
}); });
@ -195,6 +199,7 @@ describe('explorer', function() {
var app; var app;
beforeEach(function() { beforeEach(function() {
app = loopback(); app = loopback();
app.set('remoting', { cors: false });
var Product = loopback.PersistedModel.extend('product'); var Product = loopback.PersistedModel.extend('product');
Product.attachTo(loopback.memory()); Product.attachTo(loopback.memory());
app.model(Product); app.model(Product);
@ -216,6 +221,7 @@ describe('explorer', function() {
var app; var app;
beforeEach(function() { beforeEach(function() {
app = loopback(); app = loopback();
app.set('remoting', { cors: false });
}); });
it('should allow `uiDirs` to be defined as an Array', function(done) { it('should allow `uiDirs` to be defined as an Array', function(done) {
@ -246,6 +252,7 @@ describe('explorer', function() {
describe('Cross-origin resource sharing', function() { describe('Cross-origin resource sharing', function() {
it('allows cross-origin requests by default', function(done) { it('allows cross-origin requests by default', function(done) {
var app = loopback(); var app = loopback();
process.once('deprecation', function() { /* ignore */ });
configureRestApiAndExplorer(app, '/explorer'); configureRestApiAndExplorer(app, '/explorer');
request(app) request(app)
@ -258,7 +265,7 @@ describe('explorer', function() {
it('can be disabled by configuration', function(done) { it('can be disabled by configuration', function(done) {
var app = loopback(); var app = loopback();
app.set('remoting', { cors: { origin: false }}); app.set('remoting', { cors: false });
configureRestApiAndExplorer(app, '/explorer'); configureRestApiAndExplorer(app, '/explorer');
request(app) request(app)
@ -277,6 +284,7 @@ describe('explorer', function() {
it('updates swagger object when a new model is added', function(done) { it('updates swagger object when a new model is added', function(done) {
var app = loopback(); var app = loopback();
app.set('remoting', { cors: false });
configureRestApiAndExplorer(app, '/explorer'); configureRestApiAndExplorer(app, '/explorer');
// Ensure the swagger object was built // Ensure the swagger object was built
@ -310,6 +318,7 @@ describe('explorer', function() {
it('updates swagger object when a remote method is disabled', function(done) { it('updates swagger object when a remote method is disabled', function(done) {
var app = loopback(); var app = loopback();
app.set('remoting', { cors: false });
configureRestApiAndExplorer(app, '/explorer'); configureRestApiAndExplorer(app, '/explorer');
// Ensure the swagger object was built // Ensure the swagger object was built
@ -344,6 +353,7 @@ describe('explorer', function() {
function givenLoopBackAppWithExplorer(explorerBase) { function givenLoopBackAppWithExplorer(explorerBase) {
return function(done) { return function(done) {
var app = this.app = loopback(); var app = this.app = loopback();
app.set('remoting', { cors: false });
configureRestApiAndExplorer(app, explorerBase); configureRestApiAndExplorer(app, explorerBase);
done(); done();