-
Notifications
You must be signed in to change notification settings - Fork 338
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CORS support #525
CORS support #525
Conversation
Reviewing on mobile so I might just have missed it but I couldn’t see a test that shows CORS actually working? A test harness to show tyre and false do things, and maybe some unit or integration with more specifics. |
@philsturgeon See #412 — I added some comments there. We need to take a "product" decision before bringing this over the finish line. |
2c90382
to
e05be76
Compare
a12bf3f
to
f88f34a
Compare
@philsturgeon I've added two tests checking out the response, the headers and what happens if the CORS is disabled. Let me know if you want to test some particular scenarios. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we need one more e2e test where both OPTIONS is defined in a spec and CORS is enabled (so that we can see that OPTIONS from spec is ignored).
Very good point, I'll add one! |
Co-Authored-By: Phil Sturgeon <[email protected]>
opts.config.cors | ||
? server.route({ | ||
url: '*', | ||
method: ['GET', 'DELETE', 'HEAD', 'PATCH', 'POST', 'PUT'], |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if we are going to whitelist methods we should at least have all the ones OpenAPI supports.
Should we switch to method: '*'
instead?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Unfortunately we cannot use *
because otherwise the CORS plugin would complain (you need to leave the OPTIONS
verb free); so I put all the other verbs that Fastify supports. Any other will make the framework scream at me.
This PR installs the CORS middleware to the Prism instance when the
--cors
flag is enabled (which is enabled by default).Docs and changeling added as well
Closes #412