From fef1d904fe58e4775b7194bd9eec031eb252e56a Mon Sep 17 00:00:00 2001 From: Je Xia Date: Sat, 23 Nov 2024 17:55:02 +0800 Subject: [PATCH] Remove unnecessary 'Access-Control-Allow-Methods' header (#926) --- go.mod | 2 +- go.sum | 4 ++-- server/esm_router.go | 12 +++++++----- server/server.go | 5 +---- test/cors/cors.test.ts | 14 +++++++++----- 5 files changed, 20 insertions(+), 17 deletions(-) diff --git a/go.mod b/go.mod index cd56898e8..a389fdd86 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/gorilla/websocket v1.5.3 github.com/ije/esbuild-internal v0.24.0 github.com/ije/gox v0.9.1 - github.com/ije/rex v1.13.7 + github.com/ije/rex v1.13.8 github.com/yuin/goldmark v1.7.8 github.com/yuin/goldmark-meta v1.1.0 golang.org/x/net v0.31.0 diff --git a/go.sum b/go.sum index 07760cc4d..400d07467 100644 --- a/go.sum +++ b/go.sum @@ -10,8 +10,8 @@ github.com/ije/esbuild-internal v0.24.0 h1:ekQilnTP0YQBpqHwaZwpIWH/YbehY4xctKW8g github.com/ije/esbuild-internal v0.24.0/go.mod h1:s7HvKZ4ZGifyzvgWpSwnJOQTr6b+bsgfNBZ8HAEwwSM= github.com/ije/gox v0.9.1 h1:w+hVBqo/e8+g1VUxfikHlIJrcevHhB6WswvPzpGO0w4= github.com/ije/gox v0.9.1/go.mod h1:3GTaK8WXf6oxRbrViLqKNLTNcMR871Dz0zoujFNmG48= -github.com/ije/rex v1.13.7 h1:8K2LyED+GB2+cxPcOGXJ+Ptyw+xfI6UNNg05SlTjEG8= -github.com/ije/rex v1.13.7/go.mod h1:81UCOz0rEwIjgKFwzRlEjMJcB9BtJSOs0v8k9p5z4lY= +github.com/ije/rex v1.13.8 h1:O6JVXaTPaPgCZWN5PtzPTPEFeIJvOcd4893WcnjfPrU= +github.com/ije/rex v1.13.8/go.mod h1:81UCOz0rEwIjgKFwzRlEjMJcB9BtJSOs0v8k9p5z4lY= github.com/rs/cors v1.11.1 h1:eU3gRzXLRK57F5rKMGMZURNdIG4EoAmX8k94r9wXWHA= github.com/rs/cors v1.11.1/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU= github.com/xyproto/randomstring v1.0.5 h1:YtlWPoRdgMu3NZtP45drfy1GKoojuR7hmRcnhZqKjWU= diff --git a/server/esm_router.go b/server/esm_router.go index 6abdf8a58..aab363a2a 100644 --- a/server/esm_router.go +++ b/server/esm_router.go @@ -1617,12 +1617,14 @@ func esmRouter(debug bool) rex.Handle { fmt.Fprintf(buf, "import __cjs_exports$ from \"%s\";\n", esmPath) fmt.Fprintf(buf, "export const { %s } = __cjs_exports$;\n", strings.Join(exports.Values(), ", ")) } + if !noDts && ret.Dts != "" { + ctx.SetHeader("X-TypeScript-Types", cdnOrigin+ret.Dts) + ctx.SetHeader("Access-Control-Expose-Headers", "X-ESM-Path, X-TypeScript-Types") + } else { + ctx.SetHeader("Access-Control-Expose-Headers", "X-ESM-Path") + } } - if ret.Dts != "" && !noDts && !isWorker { - dtsUrl := cdnOrigin + ret.Dts - ctx.SetHeader("X-TypeScript-Types", dtsUrl) - } if targetFromUA { appendVaryHeader(ctx.W.Header(), "User-Agent") } @@ -1633,7 +1635,7 @@ func esmRouter(debug bool) rex.Handle { } ctx.SetHeader("Content-Type", ctJavaScript) if ctx.R.Method == http.MethodHead { - return []byte{} + return rex.NoContent() } return buf.Bytes() } diff --git a/server/server.go b/server/server.go index c48dfb399..d08be0b3a 100644 --- a/server/server.go +++ b/server/server.go @@ -177,7 +177,7 @@ func cors(allowOrigins []string) rex.Handle { setCorsHeaders(h, isOptionsMethod, "*") } if isOptionsMethod { - return rex.Status(204, nil) + return rex.NoContent() } return nil } @@ -185,11 +185,8 @@ func cors(allowOrigins []string) rex.Handle { func setCorsHeaders(h http.Header, isOptionsMethod bool, origin string) { h.Set("Access-Control-Allow-Origin", origin) - h.Set("Access-Control-Allow-Methods", "HEAD, GET, POST") if isOptionsMethod { h.Set("Access-Control-Allow-Headers", "*") h.Set("Access-Control-Max-Age", "86400") - } else { - h.Set("Access-Control-Expose-Headers", "X-Esm-Path, X-Typescript-Types") } } diff --git a/test/cors/cors.test.ts b/test/cors/cors.test.ts index ef8b76900..521278d6c 100644 --- a/test/cors/cors.test.ts +++ b/test/cors/cors.test.ts @@ -6,7 +6,6 @@ Deno.test("CORS", async () => { res.body?.cancel(); assertEquals(res.status, 204); assertEquals(res.headers.get("Access-Control-Allow-Origin"), "*"); - assertEquals(res.headers.get("Access-Control-Allow-Methods"), "HEAD, GET, POST"); assertEquals(res.headers.get("Access-Control-Allow-Headers"), "*"); assertEquals(res.headers.get("Access-Control-Max-Age"), "86400"); } @@ -14,8 +13,14 @@ Deno.test("CORS", async () => { const res = await fetch("http://localhost:8080/react@18.2.0"); res.body?.cancel(); assertEquals(res.headers.get("Access-Control-Allow-Origin"), "*"); - assertEquals(res.headers.get("Access-Control-Allow-Methods"), "HEAD, GET, POST"); - assertEquals(res.headers.get("Access-Control-Expose-Headers"), "X-Esm-Path, X-Typescript-Types"); + assertEquals(res.headers.get("Access-Control-Expose-Headers"), "X-ESM-Path, X-TypeScript-Types"); + assertEquals(res.headers.get("Vary"), "User-Agent"); + } + { + const res = await fetch("http://localhost:8080/react@18.2.0?no-dts"); + res.body?.cancel(); + assertEquals(res.headers.get("Access-Control-Allow-Origin"), "*"); + assertEquals(res.headers.get("Access-Control-Expose-Headers"), "X-ESM-Path"); assertEquals(res.headers.get("Vary"), "User-Agent"); } { @@ -26,8 +31,7 @@ Deno.test("CORS", async () => { }); res.body?.cancel(); assertEquals(res.headers.get("Access-Control-Allow-Origin"), "*"); - assertEquals(res.headers.get("Access-Control-Allow-Methods"), "HEAD, GET, POST"); - assertEquals(res.headers.get("Access-Control-Expose-Headers"), "X-Esm-Path, X-Typescript-Types"); + assertEquals(res.headers.get("Access-Control-Expose-Headers"), "X-ESM-Path, X-TypeScript-Types"); assertEquals(res.headers.get("Vary"), "User-Agent"); } });