
Commit b98406a

committed
fix GH-211, set CORS headers when sending error message
1 parent 3358918 commit b98406a


2 files changed

+22
-4
lines changed


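--- a/lib/server.js
+++ b/lib/server.js
@@ -169,7 +169,7 @@ Server.prototype.handleRequest = function(req, res){
 var self = this;
 this.verify(req, false, function(err, success) {
 if (!success) {
-sendErrorMessage(res, err);
+sendErrorMessage(req, res, err);
 return;
 }
 
@@ -190,8 +190,16 @@ Server.prototype.handleRequest = function(req, res){
 * @api private
 */
 
-function sendErrorMessage(res, code) {
-res.writeHead(400, { 'Content-Type': 'application/json' });
+function sendErrorMessage(req, res, code) {
+var headers = { 'Content-Type': 'application/json' };
+
+if (req.headers.origin) {
+headers['Access-Control-Allow-Credentials'] = 'true';
+headers['Access-Control-Allow-Origin'] = req.headers.origin;
+} else {
+headers['Access-Control-Allow-Origin'] = '*';
+}
+res.writeHead(400, headers);
 res.end(JSON.stringify({
 code: code,
 message: Server.errorMessages[code]
@@ -225,7 +233,7 @@ Server.prototype.handshake = function(transport, req){
 }
 }
 catch (e) {
-sendErrorMessage(req.res, Server.errors.BAD_REQUEST);
+sendErrorMessage(req, req.res, Server.errors.BAD_REQUEST);
 return;
 }
 var socket = new Socket(id, this, transport, req);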
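Review bot: In the new sendErrorMessage body, echoing `req.headers.origin` into Access-Control-Allow-Origin together with Access-Control-Allow-Credentials: true grants credentialed cross-origin reads of this response to whatever origin the request names; the body here is only an error code and message, but if the server applies an origin check on its success path (not visible in this hunk), the same check should gate these headers so the error path is not the more permissive one. Because the header value is derived from the request, a shared cache can otherwise serve one origin's response to another; add `headers['Vary'] = 'Origin';` inside the `if (req.headers.origin)` branch. The JSDoc block above the function begins outside the hunk and still documents the old signature; it should gain `@param {http.IncomingMessage} req` for the new first parameter, and a one-line comment such as `// reflect the caller's origin so browser clients can read the error body` would explain why the header is built per request.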

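--- a/test/server.js
+++ b/test/server.js
@@ -26,6 +26,7 @@ describe('server', function () {
 expect(res.status).to.be(400);
 expect(res.body.code).to.be(0);
 expect(res.body.message).to.be('Transport unknown');
+expect(res.header['access-control-allow-origin']).to.be('*');
 done();
 });
 });
@@ -35,11 +36,14 @@ describe('server', function () {
 // make sure we check for actual properties - not those present on every {}
 var engine = listen(function (port) {
 request.get('http://localhost:%d/engine.io/default/'.s(port))
+.set('Origin', 'http://engine.io')
 .query({ transport: 'constructor' })
 .end(function (res) {
 expect(res.status).to.be(400);
 expect(res.body.code).to.be(0);
 expect(res.body.message).to.be('Transport unknown');
+expect(res.header['access-control-allow-credentials']).to.be('true');
+expect(res.header['access-control-allow-origin']).to.be('http://engine.io');
 done();
 });
 });
@@ -48,11 +52,14 @@ describe('server', function () {
 it('should disallow non-existent sids', function (done) {
 var engine = listen(function (port) {
 request.get('http://localhost:%d/engine.io/default/'.s(port))
+.set('Origin', 'http://engine.io')
 .query({ transport: 'polling', sid: 'test' })
 .end(function (res) {
 expect(res.status).to.be(400);
 expect(res.body.code).to.be(1);
 expect(res.body.message).to.be('Session ID unknown');
+expect(res.header['access-control-allow-credentials']).to.be('true');
+expect(res.header['access-control-allow-origin']).to.be('http://engine.io');
 done();
 });
 });
@@ -259,11 +266,14 @@ describe('server', function () {
 it('should disallow bad requests', function (done) {
 var engine = listen(function (port) {
 request.get('http://localhost:%d/engine.io/default/'.s(port))
+.set('Origin', 'http://engine.io')
 .query({ transport: 'websocket' })
 .end(function (res) {
 expect(res.status).to.be(400);
 expect(res.body.code).to.be(3);
 expect(res.body.message).to.be('Bad request');
+expect(res.header['access-control-allow-credentials']).to.be('true');
+expect(res.header['access-control-allow-origin']).to.be('http://engine.io');
 done();
 });
 });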
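Review bot: The first hunk asserts the wildcard `*` origin when no Origin header is sent but does not pin that the credentials header is absent in that case, which is the property the else branch in lib/server.js relies on (a wildcard origin combined with credentials is rejected by browsers). Add `expect(res.header['access-control-allow-credentials']).to.be(undefined);` next to the existing `*` assertion so a later change that sets credentials unconditionally is caught. The three Origin-bearing cases all use the same literal; a short comment such as `// error responses must carry CORS headers so browser clients can read them (GH-211)` on the first would tie the assertions to the fix.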
