(corsOrigins: string | undefined, corsAllowCredentials: string | undefined)
| 30 | }) |
| 31 | |
| 32 | function getCredentials(corsOrigins: string | undefined, corsAllowCredentials: string | undefined): boolean { |
| 33 | if (corsOrigins === undefined) delete process.env.CORS_ORIGINS |
| 34 | else process.env.CORS_ORIGINS = corsOrigins |
| 35 | if (corsAllowCredentials === undefined) delete process.env.CORS_ALLOW_CREDENTIALS |
| 36 | else process.env.CORS_ALLOW_CREDENTIALS = corsAllowCredentials |
| 37 | |
| 38 | let captured: any |
| 39 | getCorsOptions()({ url: '/api/v1/test' }, (_err: any, options: any) => { |
| 40 | captured = options |
| 41 | }) |
| 42 | return captured.credentials |
| 43 | } |
| 44 | |
| 45 | describe('wildcard + credentials guard', () => { |
| 46 | it('forces credentials to false when CORS_ORIGINS=* and CORS_ALLOW_CREDENTIALS=true', () => { |
no test coverage detected