Skip to content

Skip already set headers on server initialization #345

New issue
New issue
Open
Open
Skip already set headers on server initialization#345
@hpawe01

Description

@hpawe01
hpawe01
opened on Nov 17, 2017

Hello,

I use the possibility to modify the Express server before starting it as described in https://github.com/holidayextras/jsonapi-server/blob/master/documentation/configuring.md#gaining-access-to-the-express-server

For example, I need cookie-authentication and have to add some headers:

 const app = jsonApi.getExpressServer();
 app.use(function(req, res, next) {
   res.set('Access-Control-Allow-Origin', 'http://localhost:4200');
   res.set('Access-Control-Allow-Credentials', 'true');
   return next();
 });

But the header Access-Control-Allow-Origin gets overwritten during the initialization of the json api server:

jsonapi-server/lib/router.js

Lines 23 to 30 in 368ad6b

res.set({
'Content-Type': 'application/vnd.api+json',
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Methods': 'GET, POST, PATCH, DELETE, OPTIONS',
'Access-Control-Allow-Headers': req.headers['access-control-request-headers'] || '',
'Cache-Control': 'private, must-revalidate, max-age=0',
'Expires': 'Thu, 01 Jan 1970 00:00:00'
})

I changed it locally, so that the header is only set, when it is not already present:

if (!res.get('Access-Control-Allow-Origin')) {
  res.set('Access-Control-Allow-Origin', '*');
}

Should I prepare a pull request with this change? Or does this break something I am not aware of?

Cheers,
Friedrich

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions