From c178881d716e2e94d6101a3636ef172c1752e7da Mon Sep 17 00:00:00 2001
From: Matt Oberle
Date: Fri, 13 Dec 2019 17:07:42 -0500
Subject: [PATCH] Extends isProtectedRoute to allow HEAD requests

This commit is to address a problem that has been perplexing me for months. Whenever I try to make a HEAD request to a clay page I get a 302 redirect to `/_auth/login` instead of getting response headers from the page. The consequence of this behavior is that one is forced to render and download the full page contents, when they may only be interested in the Content-Length, status code, or other bits of information.
---
 index.js | 8 ++++++--
 index.test.js | 4 ++++
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/index.js b/index.js
index e55fc03..834913a 100644
--- a/index.js
+++ b/index.js
@@ -20,12 +20,16 @@ const _isEmpty = require('lodash/isEmpty'),
 
 /**
 * determine if a route is protected
- * protected routes are ?edit=true and any method other than GET
+ * protected routes are ?edit=true and any method other than GET or HEAD
 * @param {object} req
 * @returns {boolean}
 */
 function isProtectedRoute(req) {
- return !!req.query.edit || !_includes(req.originalUrl, '/_auth') && req.method !== 'GET';
+ return (
+ !!req.query.edit
+ || !_includes(req.originalUrl, '/_auth')
+ && !_includes(['GET', 'HEAD'], req.method)
+ );
 }
 
 /**
diff --git a/index.test.js b/index.test.js
index ef2b1dd..c212806 100644
--- a/index.test.js
+++ b/index.test.js
@@ -30,6 +30,10 @@ describe(_startCase(filename), function () {
 it('is false if GET to api (or non-edit page)', function () {
 expect(fn({ query: {}, method: 'GET' })).toEqual(false);
 });
+
+ it('is false if HEAD to api (or non-edit page)', function () {
+ expect(fn({ query: {}, method: 'HEAD' })).toEqual(false);
+ });
 });
 
 describe('isAuthenticated', function () {
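Review bot: The `/_auth` exemption kept on the new `|| !_includes(req.originalUrl, '/_auth')` line is a substring test over `req.originalUrl`, which in Express includes the query string, so a request of any method whose URL merely contains `/_auth` is treated as unprotected. Since this expression is being rewritten anyway, match the exemption against the path only and as a whole segment, for example `!/\/_auth(\/|$)/.test(req.originalUrl.split('?')[0])` (this assumes `_includes` is lodash's `includes`; its import is outside the hunk). The mixed `||`/`&&` chain also relies on operator precedence that the new line layout hides, so wrapping the second and third operands in their own parentheses would make the grouping explicit. Allowing HEAD is consistent with Express answering HEAD from GET handlers, but any handler registered for all methods that treats non-GET as a write should be checked, because it is now reached without the auth gate.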
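Review bot: The added case pins only HEAD with an empty query; nothing in this hunk asserts that HEAD stays protected when `edit` is set, which is the branch most likely to regress if the condition in `isProtectedRoute` is regrouped later. Add a companion case such as `expect(fn({ query: { edit: 'true' }, method: 'HEAD' })).toEqual(true);`. The enclosing `describe` block starts before the hunk, so an equivalent edit-mode case for GET may already exist there and can serve as the template.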