Skip to content

Commit

Permalink
feat: allow cors header to be excluded from request headers (#489)
Browse files Browse the repository at this point in the history
  • Loading branch information
@kevinpagtakhan
kevinpagtakhan authored Jan 20, 2022
1 parent b64b8b0 commit 0119ac7
Show file tree
Hide file tree
Showing 2 changed files with 42 additions and 0 deletions.
5 changes: 5 additions & 0 deletions src/xhr.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,13 @@ var Request = function (url, data, headers) {
this.headers = headers;
};

const CORS_HEADER = 'Cross-Origin-Resource-Policy';

function setHeaders(xhr, headers) {
for (const header in headers) {
if (header === CORS_HEADER && !headers[header]) {
continue;
}
xhr.setRequestHeader(header, headers[header]);
}
}
Expand Down
37 changes: 37 additions & 0 deletions test/amplitude-client.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1690,13 +1690,50 @@ describe('AmplitudeClient', function () {
assert.equal(server.requests[0].requestHeaders['Content-Type'], 'application/json;charset=utf-8');
});

it('should send request with no cors header when passed an empty string', function () {
amplitude.init(apiKey, null, {
headers: { 'Cross-Origin-Resource-Policy': '' },
});
amplitude.logEvent('Event Type 1');
assert.lengthOf(server.requests, 1);
assert.notExists(server.requests[0].requestHeaders['Cross-Origin-Resource-Policy']);
});

it('should send request with no cors header when passed undefined', function () {
amplitude.init(apiKey, null, {
headers: { 'Cross-Origin-Resource-Policy': undefined },
});
amplitude.logEvent('Event Type 1');
assert.lengthOf(server.requests, 1);
assert.notExists(server.requests[0].requestHeaders['Cross-Origin-Resource-Policy']);
});

it('should send request with no cors header when passed null', function () {
amplitude.init(apiKey, null, {
headers: { 'Cross-Origin-Resource-Policy': null },
});
amplitude.logEvent('Event Type 1');
assert.lengthOf(server.requests, 1);
assert.notExists(server.requests[0].requestHeaders['Cross-Origin-Resource-Policy']);
});

it('should send request with custom cors header', function () {
amplitude.init(apiKey, null, {
headers: { 'Cross-Origin-Resource-Policy': 'same-site' },
});
amplitude.logEvent('Event Type 1');
assert.lengthOf(server.requests, 1);
assert.equal(server.requests[0].requestHeaders['Cross-Origin-Resource-Policy'], 'same-site');
});

it('should send https request', function () {
amplitude.options.forceHttps = true;
amplitude.logEvent('Event Type 1');
assert.lengthOf(server.requests, 1);
assert.equal(server.requests[0].url, 'https://api.amplitude.com');
assert.equal(server.requests[0].method, 'POST');
assert.equal(server.requests[0].async, true);
assert.equal(server.requests[0].requestHeaders['Cross-Origin-Resource-Policy'], 'cross-origin');
});

it('should send https request by configuration', function () {
Expand Down

0 comments on commit 0119ac7

Please sign in to comment.