corsPreflight - handle preflight CORS requests * @param {object} request - http request object * @param {function} log - Werelogs request logger * @param {function} callback - callback to respond to http request * with either error code or 200 response * @return {undefined}
(request, log, callback)
| 24 | * @return {undefined} |
| 25 | */ |
| 26 | function corsPreflight(request, log, callback) { |
| 27 | log.debug('processing request', { method: 'corsPreflight' }); |
| 28 | |
| 29 | const bucketName = request.bucketName; |
| 30 | const corsOrigin = request.headers.origin; |
| 31 | const corsMethod = request.headers['access-control-request-method']; |
| 32 | const corsHeaders = request.headers['access-control-request-headers'] ? |
| 33 | request.headers['access-control-request-headers'].replace(/ /g, '') |
| 34 | .split(',').reduce((resultArr, value) => { |
| 35 | // remove empty values and convert values to lowercase |
| 36 | if (value !== '') { |
| 37 | resultArr.push(value.toLowerCase()); |
| 38 | } |
| 39 | return resultArr; |
| 40 | }, []) : null; |
| 41 | |
| 42 | return metadata.getBucket(bucketName, log, (err, bucket) => { |
| 43 | if (err) { |
| 44 | log.debug('metadata getbucket failed', { error: err }); |
| 45 | return callback(err); |
| 46 | } |
| 47 | if (bucketShield(bucket, requestType)) { |
| 48 | return callback(errors.NoSuchBucket); |
| 49 | } |
| 50 | log.trace('found bucket in metadata'); |
| 51 | |
| 52 | const corsRules = bucket.getCors(); |
| 53 | if (!corsRules) { |
| 54 | const err = errorInstances.AccessForbidden |
| 55 | .customizeDescription(customizedErrs.corsNotEnabled); |
| 56 | log.trace('no existing cors configuration', { |
| 57 | error: err, |
| 58 | method: 'corsPreflight', |
| 59 | }); |
| 60 | return callback(err); |
| 61 | } |
| 62 | |
| 63 | log.trace('finding cors rule'); |
| 64 | const corsRule = findCorsRule(corsRules, corsOrigin, corsMethod, |
| 65 | corsHeaders); |
| 66 | |
| 67 | if (!corsRule) { |
| 68 | const err = errorInstances.AccessForbidden |
| 69 | .customizeDescription(customizedErrs.notAllowed); |
| 70 | log.trace('no matching cors rule', { |
| 71 | error: err, |
| 72 | method: 'corsPreflight', |
| 73 | }); |
| 74 | return callback(err); |
| 75 | } |
| 76 | |
| 77 | const resHeaders = generateCorsResHeaders(corsRule, corsOrigin, |
| 78 | corsMethod, corsHeaders, true); |
| 79 | // TODO: add some level of metrics for non-standard API request: |
| 80 | // pushMetric('corsPreflight', log, { bucket: bucketName }); |
| 81 | return callback(null, resHeaders); |
| 82 | }); |
| 83 | } |
nothing calls this directly
no test coverage detected