From fc43ff6e633ccbec675c30adb94e3fe0b1ec30bf Mon Sep 17 00:00:00 2001 From: Hiran del Castillo Date: Thu, 5 Apr 2018 14:06:30 -0500 Subject: [PATCH] [SEMVER-MAJOR] Remove deprecated CORS support It's the responsibility of the applications using API Explorer to configure an app-wide CORS middleware. --- index.js | 24 ------------------------ package.json | 2 -- test/explorer.test.js | 33 --------------------------------- 3 files changed, 59 deletions(-) diff --git a/index.js b/index.js index 312593e..b588f7c 100644 --- a/index.js +++ b/index.js @@ -12,12 +12,10 @@ var g = SG(); /*! * Adds dynamically-updated docs as /explorer */ -var deprecated = require('depd')('loopback-explorer'); var url = require('url'); var path = require('path'); var urlJoin = require('./lib/url-join'); var _defaults = require('lodash').defaults; -var cors = require('cors'); var createSwaggerObject = require('loopback-swagger').generateSwaggerSpec; var SWAGGER_UI_ROOT = require('swagger-ui/index').dist; var STATIC_ROOT = path.join(__dirname, 'public'); @@ -135,9 +133,6 @@ function mountSwagger(loopbackApplication, swaggerApp, opts) { var resourcePath = (opts && opts.resourcePath) || 'swagger.json'; if (resourcePath[0] !== '/') resourcePath = '/' + resourcePath; - var remotes = loopbackApplication.remotes(); - setupCors(swaggerApp, remotes); - swaggerApp.get(resourcePath, function sendSwaggerObject(req, res) { res.status(200).send(swaggerObject); }); @@ -146,22 +141,3 @@ function mountSwagger(loopbackApplication, swaggerApp, opts) { swaggerObject = createSwaggerObject(loopbackApplication, opts); } } - -function setupCors(swaggerApp, remotes) { - var corsOptions = remotes.options && remotes.options.cors; - if (corsOptions === false) return; - - deprecated( - g.f( - 'The built-in CORS middleware provided by loopback-component-explorer ' + - 'was deprecated. See %s for more details.', - 'https://loopback.io/doc/en/lb3/Security-considerations.html' - ) - ); - - if (corsOptions === undefined) { - corsOptions = { origin: true, credentials: true }; - } - - swaggerApp.use(cors(corsOptions)); -} diff --git a/package.json b/package.json index 13126f9..dc80385 100644 --- a/package.json +++ b/package.json @@ -35,9 +35,7 @@ }, "license": "MIT", "dependencies": { - "cors": "^2.7.1", "debug": "^2.2.0", - "depd": "^1.1.0", "lodash": "^4.17.5", "loopback-swagger": "^5.0.0", "strong-globalize": "^3.1.0", diff --git a/test/explorer.test.js b/test/explorer.test.js index ac9bc66..72ff1ee 100644 --- a/test/explorer.test.js +++ b/test/explorer.test.js @@ -258,39 +258,6 @@ describe('explorer', function() { }); }); - describe('Cross-origin resource sharing', function() { - it('allows cross-origin requests by default', function(done) { - var app = loopback(); - process.once('deprecation', function() { /* ignore */ }); - configureRestApiAndExplorer(app, '/explorer'); - - request(app) - .options('/explorer/swagger.json') - .set('Origin', 'http://example.com/') - .expect('Access-Control-Allow-Origin', /^http:\/\/example.com\/|\*/) - .expect('Access-Control-Allow-Methods', /\bGET\b/) - .end(done); - }); - - it('can be disabled by configuration', function(done) { - var app = loopback(); - app.set('remoting', { cors: false }); - configureRestApiAndExplorer(app, '/explorer'); - - request(app) - .options('/explorer/swagger.json') - .end(function(err, res) { - if (err) return done(err); - - var allowOrigin = res.get('Access-Control-Allow-Origin'); - expect(allowOrigin, 'Access-Control-Allow-Origin') - .to.equal(undefined); - - done(); - }); - }); - }); - it('updates swagger object when a new model is added', function(done) { var app = loopback(); app.set('remoting', { cors: false });