add origin header check to CORS function

David Brown · David Brown · commit 284c443bdff4 · 2021-05-04T10:27:09.000-07:00
diff --git a/add-cors-header/index.js b/add-cors-header/index.js
@@ -1,11 +1,13 @@
-function handler(event) {
+function handler(event)  {
     var request = event.request;
-    var headers = request.headers;
-    var host = request.headers.host.value;
-   
-   // If origin header is missing, set it equal to the host header.
-   if (!headers.origin)
-       headers.origin = {value:`https://${host}`};
-       
-   return request;
+    var response  = event.response;
+ 
+    // If Access-Control-Allow-Origin CORS header is missing, add it.
+    // Since JavaScript doesn't allow for hyphens in variable names, we use the dict["key"] notation.
+    if (!response.headers['access-control-allow-origin'] && request.headers['origin']) {
+        headers['access-control-allow-origin'] = {value: request.headers['origin'].value};
+        console.log("Access-Control-Allow-Origin was missing, adding it now.");
+    }
+
+    return response;
 }
diff --git a/add-cors-header/test-objects/no-cors-header.json b/add-cors-header/test-objects/no-cors-header.json
@@ -15,7 +15,8 @@
         },
         "headers": {
             "host": { "value": "www.example.com" },
-            "accept": { "value": "text/html", "multivalue": [ { "value": "text/html" }, { "value": "application/xhtml+xml" } ] }
+            "accept": { "value": "text/html", "multivalue": [ { "value": "text/html" }, { "value": "application/xhtml+xml" } ] },
+            "origin": { "value": "https://www.example.com"}
         },
         "cookies": {
             "id": { "value": "CookeIdValue" },
