Skip to content

Commit

Permalink
Merge pull request #160 from nulib/cors-header-fix
Browse files Browse the repository at this point in the history 
CORS: Add ETag to exposed headers and HEAD to allowed methods
  • Loading branch information
@mbklein
mbklein authored Aug 28, 2023
2 parents 29e5534 + 9c3e481 commit 7cc3b16
Showing 1 changed file with 15 additions and 1 deletion.
16 changes: 15 additions & 1 deletion src/helpers.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,15 +37,29 @@ const AcceptableHeaders = [
"X-Forwarded-Port",
"X-Requested-With",
];

const ExposedHeaders = [
"Cache-Control",
"Content-Language",
"Content-Length",
"Content-Type",
"Date",
"ETag",
"Expires",
"Last-Modified",
"Pragma",
];

const TextTypes = new RegExp(/^(application\/(json|(.+\+)?xml)$|text\/)/);

function addCorsHeaders(event, response) {
const allowOrigin = event?.headers?.origin || "*";
const corsHeaders = {
"Access-Control-Allow-Origin": allowOrigin,
"Access-Control-Allow-Headers": AcceptableHeaders.join(", "),
"Access-Control-Allow-Methods": "POST, GET, OPTIONS",
"Access-Control-Allow-Methods": "POST, GET, HEAD, OPTIONS",
"Access-Control-Allow-Credentials": "true",
"Access-Control-Expose-Headers": ExposedHeaders.join(", "),
"Access-Control-Max-Age": "600",
};
if (!response.headers) response.headers = {};
Expand Down

0 comments on commit 7cc3b16

Please sign in to comment.