[FIX] Internal error when cross-origin with CORS is disabled (#11953)

RocketChat · Sep 14, 2018 · 75a1377 · 75a1377
1 parent 0e7215b
commit 75a1377
Showing 1 changed file with 19 additions and 18 deletions.
diff --git a/packages/rocketchat-api/server/api.js b/packages/rocketchat-api/server/api.js
@@ -31,24 +31,6 @@ class API extends Restivus {
 		this.limitedUserFieldsToExcludeIfIsPrivilegedUser = {
 			services: 0,
 		};
-
-		this._config.defaultOptionsEndpoint = function _defaultOptionsEndpoint() {
-			if (this.request.method === 'OPTIONS' && this.request.headers['access-control-request-method']) {
-				if (RocketChat.settings.get('API_Enable_CORS') === true) {
-					this.response.writeHead(200, {
-						'Access-Control-Allow-Origin': RocketChat.settings.get('API_CORS_Origin'),
-						'Access-Control-Allow-Headers': 'Origin, X-Requested-With, Content-Type, Accept, X-User-Id, X-Auth-Token',
-					});
-				} else {
-					this.response.writeHead(405);
-					this.response.write('CORS not enabled. Go to "Admin > General > REST Api" to enable it.');
-				}
-			} else {
-				this.response.writeHead(404);
-			}
-
-			this.done();
-		};
 	}
 
 	hasHelperMethods() {
@@ -401,13 +383,31 @@ RocketChat.API = {
 	ApiClass: API,
 };
 
+const defaultOptionsEndpoint = function _defaultOptionsEndpoint() {
+	if (this.request.method === 'OPTIONS' && this.request.headers['access-control-request-method']) {
+		if (RocketChat.settings.get('API_Enable_CORS') === true) {
+			this.response.writeHead(200, {
+				'Access-Control-Allow-Origin': RocketChat.settings.get('API_CORS_Origin'),
+				'Access-Control-Allow-Headers': 'Origin, X-Requested-With, Content-Type, Accept, X-User-Id, X-Auth-Token',
+			});
+		} else {
+			this.response.writeHead(405);
+			this.response.write('CORS not enabled. Go to "Admin > General > REST Api" to enable it.');
+		}
+	} else {
+		this.response.writeHead(404);
+	}
+	this.done();
+};
+
 const createApi = function _createApi(enableCors) {
 	if (!RocketChat.API.v1 || RocketChat.API.v1._config.enableCors !== enableCors) {
 		RocketChat.API.v1 = new API({
 			version: 'v1',
 			useDefaultAuth: true,
 			prettyJson: process.env.NODE_ENV === 'development',
 			enableCors,
+			defaultOptionsEndpoint,
 			auth: getUserAuth(),
 		});
 	}
@@ -417,6 +417,7 @@ const createApi = function _createApi(enableCors) {
 			useDefaultAuth: true,
 			prettyJson: process.env.NODE_ENV === 'development',
 			enableCors,
+			defaultOptionsEndpoint,
 			auth: getUserAuth(),
 		});
 	}