Merge pull request #106 from coding-cpp/fix/103

remove redundant array joins in cors headers
coding-cpp · Oct 9, 2024 · a752213 · a752213
2 parents 5a3b13f + cfeca68
commit a752213
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 12 deletions.
diff --git a/include/expresso/middleware/cors.h b/include/expresso/middleware/cors.h
@@ -11,6 +11,8 @@ class Cors : public Middleware {
   bool credentials;
   bool allowAllOrigins;
 
+  std::string allowedHeaders;
+
   std::set<std::string> origins;
   std::set<std::string> headers;
   std::set<expresso::enums::method> methods;

diff --git a/src/middleware/cors.cpp b/src/middleware/cors.cpp
@@ -22,15 +22,14 @@ const std::string Cors::FORBIDDEN = "Forbidden";
 } // namespace expresso::middleware
 
 expresso::middleware::Cors::Cors()
-    : credentials(false), allowAllOrigins(false) {
+    : credentials(false), allowAllOrigins(false), allowedHeaders("") {
   for (std::string _header : this->HEADERS) {
     this->headers.insert(_header);
   }
 
   this->allowMethod(expresso::enums::method::GET);
   this->allowMethod(expresso::enums::method::POST);
   this->allowMethod(expresso::enums::method::OPTIONS);
-
   return;
 }
 
@@ -41,11 +40,9 @@ void expresso::middleware::Cors::allowOrigin(std::string origin) {
     origin = "." + origin;
   }
   this->origins.insert(origin);
-
   if (origin == ".*") {
     this->allowAllOrigins = true;
   }
-
   return;
 }
 
@@ -61,25 +58,22 @@ void expresso::middleware::Cors::allowMethod(std::string method) {
 
   this->methods.insert(static_cast<expresso::enums::method>(
       std::distance(expresso::enums::methods.begin(), methodIter) - 1));
-
   return;
 }
 
 void expresso::middleware::Cors::allowMethod(expresso::enums::method method) {
   this->methods.insert(method);
-
   return;
 }
 
 void expresso::middleware::Cors::allowHeader(std::string header) {
   this->headers.insert(brewtils::string::lower(header));
-
+  this->allowedHeaders = brewtils::string::join(this->headers, ", ");
   return;
 }
 
 void expresso::middleware::Cors::allowCredentials(bool credentials) {
   this->credentials = credentials;
-
   return;
 }
 
@@ -90,7 +84,6 @@ bool expresso::middleware::Cors::use(expresso::core::Request &req,
   }
 
   std::string requestOrigin = req.headers["origin"];
-
   if (requestOrigin == "") {
     res.set("access-control-allow-origin", "null");
     res.status(expresso::enums::STATUS_CODE::FORBIDDEN)
@@ -99,7 +92,6 @@ bool expresso::middleware::Cors::use(expresso::core::Request &req,
   }
 
   bool isOriginPresent = false;
-
   for (std::string origin : this->origins) {
     if (std::regex_match(requestOrigin, std::regex(origin))) {
       res.set("access-control-allow-origin", origin.substr(1, origin.size()));
@@ -118,7 +110,6 @@ bool expresso::middleware::Cors::use(expresso::core::Request &req,
   res.set("access-control-allow-credentials",
           this->credentials ? "true" : "false");
   res.set("access-control-allow-headers",
-          brewtils::string::join(this->headers, ", "));
-
+          this->allowedHeaders == "" ? "*" : this->allowedHeaders);
   return true;
 }