fix: Calling all options even if origin header is not present (#87)

CleberRossi · fengmk2 · commit 7358ab381af6 · 2022-10-08T21:34:53.000+08:00
As Origin header is not set in all fetch. I understand that we need to be able to validade, even if the origin is not present. We are still following https://fetch.spec.whatwg.org/#http-origin but grating headers to be added to response on user needs Fix #18
diff --git a/index.js b/index.js
@@ -58,8 +58,6 @@ module.exports = function(options) {
     // https://github.com/rs/cors/issues/10
     ctx.vary('Origin');
 
-    if (!requestOrigin) return await next();
-
     let origin;
     if (typeof options.origin === 'function') {
       origin = await options.origin(ctx);
diff --git a/test/cors.test.js b/test/cors.test.js
@@ -77,6 +77,14 @@ describe('cors.test.js', function() {
         .expect({ foo: 'bar' })
         .expect(200, done);
     });
+
+    it('should always set `Access-Control-Allow-Origin` to *, even if no Origin is passed on request', function(done) {
+      request(app.listen())
+        .get('/')
+        .expect('Access-Control-Allow-Origin', '*')
+        .expect({ foo: 'bar' })
+        .expect(200, done);
+    });
   });
 
   describe('options.secureContext=true', function() {
