@@ -30,7 +30,7 @@ const SIMPLE_EXPOSE_HEADERS = [
3030 * sure not to set request specific instance properties.
3131 */
3232export class Cors {
33- private isEnabled : ( request : HttpContextContract [ 'request' ] ) => boolean
33+ private isEnabled : ( request : HttpContextContract [ 'request' ] , ctx : HttpContextContract ) => boolean
3434
3535 constructor ( private options : CorsConfig ) {
3636 this . normalizeOptions ( )
@@ -72,7 +72,7 @@ export class Cors {
7272 *
7373 * Origin match is always case sensitive
7474 */
75- private computeResponseOrigin ( origin : string ) : string | null {
75+ private computeResponseOrigin ( origin : string , ctx : HttpContextContract ) : string | null {
7676 let allowedOrigins = this . options . origin
7777
7878 /**
@@ -81,7 +81,7 @@ export class Cors {
8181 * new config value.
8282 */
8383 if ( typeof allowedOrigins === 'function' ) {
84- allowedOrigins = allowedOrigins ( origin )
84+ allowedOrigins = allowedOrigins ( origin , ctx )
8585 }
8686
8787 /**
@@ -144,14 +144,14 @@ export class Cors {
144144 * The array items are casted to lowercase for case insensitive
145145 * match.
146146 */
147- private computedAllowedHeaders ( headers : string [ ] ) : string [ ] {
147+ private computedAllowedHeaders ( headers : string [ ] , ctx : HttpContextContract ) : string [ ] {
148148 let allowedHeaders = this . options . headers
149149
150150 /**
151151 * Compute allowed headers by calling the config function.
152152 */
153153 if ( typeof allowedHeaders === 'function' ) {
154- allowedHeaders = allowedHeaders ( headers )
154+ allowedHeaders = allowedHeaders ( headers , ctx )
155155 }
156156
157157 /**
@@ -241,16 +241,16 @@ export class Cors {
241241 * Handle HTTP request for CORS. This method is binded as a before hook
242242 * to the HTTP server.
243243 */
244- public async handle ( { request , response } : HttpContextContract ) {
244+ public async handle ( ctx : HttpContextContract ) {
245245 /**
246246 * Return early when CORS is not enabled for the current request
247247 */
248- if ( ! this . isEnabled ( request ) ) {
248+ if ( ! this . isEnabled ( ctx . request , ctx ) ) {
249249 return
250250 }
251251
252- const origin = request . header ( 'origin' )
253- const isOptions = request . method ( ) === 'OPTIONS'
252+ const origin = ctx . request . header ( 'origin' )
253+ const isOptions = ctx . request . method ( ) === 'OPTIONS'
254254
255255 /**
256256 * If their is no Origin header present, then let the user-agent handle
@@ -260,7 +260,7 @@ export class Cors {
260260 return
261261 }
262262
263- const allowedOrigin = this . computeResponseOrigin ( origin )
263+ const allowedOrigin = this . computeResponseOrigin ( origin , ctx )
264264
265265 /**
266266 * If origin is not allowed, then we don't set any of the cors headers
@@ -270,7 +270,7 @@ export class Cors {
270270 * Also end the OPTIONS request right away
271271 */
272272 if ( isOptions ) {
273- this . endPreFlight ( response )
273+ this . endPreFlight ( ctx . response )
274274 }
275275
276276 return
@@ -280,24 +280,24 @@ export class Cors {
280280 * Set required headers for non options request.
281281 */
282282 if ( ! isOptions ) {
283- this . setOrigin ( response , allowedOrigin )
284- this . setCredentials ( response )
285- this . setExposedHeaders ( response )
283+ this . setOrigin ( ctx . response , allowedOrigin )
284+ this . setCredentials ( ctx . response )
285+ this . setExposedHeaders ( ctx . response )
286286 return
287287 }
288288
289289 /**
290290 * Everything below is for pre-flight (aka OPTIONS) request
291291 */
292- const requestMethod = request . header ( 'Access-Control-Request-Method' )
292+ const requestMethod = ctx . request . header ( 'Access-Control-Request-Method' )
293293
294294 /**
295295 * End the request, when `Access-Control-Request-Method` is missing or isn't
296296 * part of allowed methods.
297297 * https://www.w3.org/TR/cors/#http-access-control-request-method
298298 */
299299 if ( ! requestMethod || this . options . methods . indexOf ( requestMethod ) === - 1 ) {
300- this . endPreFlight ( response )
300+ this . endPreFlight ( ctx . response )
301301 return
302302 }
303303
@@ -306,7 +306,7 @@ export class Cors {
306306 * we subsitute that with an empty list.
307307 * https://www.w3.org/TR/cors/#http-access-control-request-headers
308308 */
309- let requestHeaders : unknown = request . header ( 'Access-Control-Request-Headers' )
309+ let requestHeaders : unknown = ctx . request . header ( 'Access-Control-Request-Headers' )
310310 if ( requestHeaders && requestHeaders !== '' ) {
311311 requestHeaders = ( requestHeaders as string ) . split ( ',' )
312312 } else {
@@ -316,7 +316,7 @@ export class Cors {
316316 /**
317317 * Computing allowed headers array from the user config
318318 */
319- const allowedHeaders = this . computedAllowedHeaders ( requestHeaders as string [ ] )
319+ const allowedHeaders = this . computedAllowedHeaders ( requestHeaders as string [ ] , ctx )
320320
321321 /**
322322 * Finding if all request `Access-Control-Request-Headers` falls under the
@@ -339,16 +339,16 @@ export class Cors {
339339 * https://www.w3.org/TR/cors/#http-access-control-request-headers
340340 */
341341 if ( headersMatches === false ) {
342- this . endPreFlight ( response )
342+ this . endPreFlight ( ctx . response )
343343 return
344344 }
345345
346- this . setOrigin ( response , allowedOrigin )
347- this . setCredentials ( response )
348- this . setExposedHeaders ( response )
349- this . setAllowMethods ( response )
350- this . setAllowHeaders ( response , allowedHeaders )
351- this . setMaxAge ( response )
352- this . endPreFlight ( response )
346+ this . setOrigin ( ctx . response , allowedOrigin )
347+ this . setCredentials ( ctx . response )
348+ this . setExposedHeaders ( ctx . response )
349+ this . setAllowMethods ( ctx . response )
350+ this . setAllowHeaders ( ctx . response , allowedHeaders )
351+ this . setMaxAge ( ctx . response )
352+ this . endPreFlight ( ctx . response )
353353 }
354354}
0 commit comments