Skip to content

Commit

Permalink
Merge pull request #29 from clay/no-302s-on-head-requests
Browse files Browse the repository at this point in the history 
Extends isProtectedRoute to allow HEAD requests
  • Loading branch information
@mattoberle
mattoberle authored Aug 27, 2020
2 parents 5f72d8a + c178881 commit 94201d6
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 2 deletions.
8 changes: 6 additions & 2 deletions index.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,12 +20,16 @@ const _isEmpty = require('lodash/isEmpty'),

/**
* determine if a route is protected
* protected routes are ?edit=true and any method other than GET
* protected routes are ?edit=true and any method other than GET or HEAD
* @param {object} req
* @returns {boolean}
*/
function isProtectedRoute(req) {
return !!req.query.edit || !_includes(req.originalUrl, '/_auth') && req.method !== 'GET';
return (
!!req.query.edit
|| !_includes(req.originalUrl, '/_auth')
&& !_includes(['GET', 'HEAD'], req.method)
);
}

/**
Expand Down
4 changes: 4 additions & 0 deletions index.test.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,10 @@ describe(_startCase(filename), function () {
it('is false if GET to api (or non-edit page)', function () {
expect(fn({ query: {}, method: 'GET' })).toEqual(false);
});

it('is false if HEAD to api (or non-edit page)', function () {
expect(fn({ query: {}, method: 'HEAD' })).toEqual(false);
});
});

describe('isAuthenticated', function () {
Expand Down

0 comments on commit 94201d6

Please sign in to comment.