Skip to content

Commit

Permalink
Remove unnecessary 'Access-Control-Allow-Methods' header (esm-dev#926)
Browse files Browse the repository at this point in the history
  • Loading branch information
@ije
ije authored Nov 23, 2024
1 parent 4a80b8c commit fef1d90
Show file tree
Hide file tree
Showing 5 changed files with 20 additions and 17 deletions.
2 changes: 1 addition & 1 deletion go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ require (
github.com/gorilla/websocket v1.5.3
github.com/ije/esbuild-internal v0.24.0
github.com/ije/gox v0.9.1
github.com/ije/rex v1.13.7
github.com/ije/rex v1.13.8
github.com/yuin/goldmark v1.7.8
github.com/yuin/goldmark-meta v1.1.0
golang.org/x/net v0.31.0
Expand Down
4 changes: 2 additions & 2 deletions go.sum
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,8 @@ github.com/ije/esbuild-internal v0.24.0 h1:ekQilnTP0YQBpqHwaZwpIWH/YbehY4xctKW8g
github.com/ije/esbuild-internal v0.24.0/go.mod h1:s7HvKZ4ZGifyzvgWpSwnJOQTr6b+bsgfNBZ8HAEwwSM=
github.com/ije/gox v0.9.1 h1:w+hVBqo/e8+g1VUxfikHlIJrcevHhB6WswvPzpGO0w4=
github.com/ije/gox v0.9.1/go.mod h1:3GTaK8WXf6oxRbrViLqKNLTNcMR871Dz0zoujFNmG48=
github.com/ije/rex v1.13.7 h1:8K2LyED+GB2+cxPcOGXJ+Ptyw+xfI6UNNg05SlTjEG8=
github.com/ije/rex v1.13.7/go.mod h1:81UCOz0rEwIjgKFwzRlEjMJcB9BtJSOs0v8k9p5z4lY=
github.com/ije/rex v1.13.8 h1:O6JVXaTPaPgCZWN5PtzPTPEFeIJvOcd4893WcnjfPrU=
github.com/ije/rex v1.13.8/go.mod h1:81UCOz0rEwIjgKFwzRlEjMJcB9BtJSOs0v8k9p5z4lY=
github.com/rs/cors v1.11.1 h1:eU3gRzXLRK57F5rKMGMZURNdIG4EoAmX8k94r9wXWHA=
github.com/rs/cors v1.11.1/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
github.com/xyproto/randomstring v1.0.5 h1:YtlWPoRdgMu3NZtP45drfy1GKoojuR7hmRcnhZqKjWU=
Expand Down
12 changes: 7 additions & 5 deletions server/esm_router.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1617,12 +1617,14 @@ func esmRouter(debug bool) rex.Handle {
fmt.Fprintf(buf, "import __cjs_exports$ from \"%s\";\n", esmPath)
fmt.Fprintf(buf, "export const { %s } = __cjs_exports$;\n", strings.Join(exports.Values(), ", "))
}
if !noDts && ret.Dts != "" {
ctx.SetHeader("X-TypeScript-Types", cdnOrigin+ret.Dts)
ctx.SetHeader("Access-Control-Expose-Headers", "X-ESM-Path, X-TypeScript-Types")
} else {
ctx.SetHeader("Access-Control-Expose-Headers", "X-ESM-Path")
}
}

if ret.Dts != "" && !noDts && !isWorker {
dtsUrl := cdnOrigin + ret.Dts
ctx.SetHeader("X-TypeScript-Types", dtsUrl)
}
if targetFromUA {
appendVaryHeader(ctx.W.Header(), "User-Agent")
}
Expand All @@ -1633,7 +1635,7 @@ func esmRouter(debug bool) rex.Handle {
}
ctx.SetHeader("Content-Type", ctJavaScript)
if ctx.R.Method == http.MethodHead {
return []byte{}
return rex.NoContent()
}
return buf.Bytes()
}
Expand Down
5 changes: 1 addition & 4 deletions server/server.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -177,19 +177,16 @@ func cors(allowOrigins []string) rex.Handle {
setCorsHeaders(h, isOptionsMethod, "*")
}
if isOptionsMethod {
return rex.Status(204, nil)
return rex.NoContent()
}
return nil
}
}

func setCorsHeaders(h http.Header, isOptionsMethod bool, origin string) {
h.Set("Access-Control-Allow-Origin", origin)
h.Set("Access-Control-Allow-Methods", "HEAD, GET, POST")
if isOptionsMethod {
h.Set("Access-Control-Allow-Headers", "*")
h.Set("Access-Control-Max-Age", "86400")
} else {
h.Set("Access-Control-Expose-Headers", "X-Esm-Path, X-Typescript-Types")
}
}
14 changes: 9 additions & 5 deletions test/cors/cors.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,16 +6,21 @@ Deno.test("CORS", async () => {
res.body?.cancel();
assertEquals(res.status, 204);
assertEquals(res.headers.get("Access-Control-Allow-Origin"), "*");
assertEquals(res.headers.get("Access-Control-Allow-Methods"), "HEAD, GET, POST");
assertEquals(res.headers.get("Access-Control-Allow-Headers"), "*");
assertEquals(res.headers.get("Access-Control-Max-Age"), "86400");
}
{
const res = await fetch("http://localhost:8080/[email protected]");
res.body?.cancel();
assertEquals(res.headers.get("Access-Control-Allow-Origin"), "*");
assertEquals(res.headers.get("Access-Control-Allow-Methods"), "HEAD, GET, POST");
assertEquals(res.headers.get("Access-Control-Expose-Headers"), "X-Esm-Path, X-Typescript-Types");
assertEquals(res.headers.get("Access-Control-Expose-Headers"), "X-ESM-Path, X-TypeScript-Types");
assertEquals(res.headers.get("Vary"), "User-Agent");
}
{
const res = await fetch("http://localhost:8080/[email protected]?no-dts");
res.body?.cancel();
assertEquals(res.headers.get("Access-Control-Allow-Origin"), "*");
assertEquals(res.headers.get("Access-Control-Expose-Headers"), "X-ESM-Path");
assertEquals(res.headers.get("Vary"), "User-Agent");
}
{
Expand All @@ -26,8 +31,7 @@ Deno.test("CORS", async () => {
});
res.body?.cancel();
assertEquals(res.headers.get("Access-Control-Allow-Origin"), "*");
assertEquals(res.headers.get("Access-Control-Allow-Methods"), "HEAD, GET, POST");
assertEquals(res.headers.get("Access-Control-Expose-Headers"), "X-Esm-Path, X-Typescript-Types");
assertEquals(res.headers.get("Access-Control-Expose-Headers"), "X-ESM-Path, X-TypeScript-Types");
assertEquals(res.headers.get("Vary"), "User-Agent");
}
});

0 comments on commit fef1d90

Please sign in to comment.