From 74f63abb25d12666e7c05e5e82fcf7432f8dbda4 Mon Sep 17 00:00:00 2001 From: Kevin Whitley Date: Sun, 28 Apr 2024 10:29:46 -0500 Subject: [PATCH] released v5.0.17 - fixes #242 - corsify should clone response --- CHANGELOG.md | 2 ++ package.json | 2 +- src/cors.spec.ts | 7 +++++++ src/cors.ts | 5 +---- 4 files changed, 11 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d3bbe26..9377b27 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,6 @@ ## Changelog +#### v5.0.17 + - fixed: corsify should clone response before appending headers #### v5.0.16 - maintenance: README #### v5.0.15 diff --git a/package.json b/package.json index ef8f622..a1fd9cf 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "itty-router", - "version": "5.0.16", + "version": "5.0.17", "description": "A tiny, zero-dependency router, designed to make beautiful APIs in any environment.", "main": "./index.js", "module": "./index.mjs", diff --git a/src/cors.spec.ts b/src/cors.spec.ts index 934884c..505e1d4 100644 --- a/src/cors.spec.ts +++ b/src/cors.spec.ts @@ -275,6 +275,13 @@ describe('cors(options?: CorsOptions)', () => { expect(afterCorsify.headers.get('access-control-allow-origin')).toBeNull() expect(afterCorsify.status).toBe(101) }) + + it('clones the response', async () => { + const { corsify } = cors() + const originalResponse = new Response(null) + const corsified = corsify(originalResponse) + expect(originalResponse).not.toBe(corsified) + }) }) }) }) diff --git a/src/cors.ts b/src/cors.ts index 4559562..9b08608 100644 --- a/src/cors.ts +++ b/src/cors.ts @@ -78,10 +78,7 @@ export const cors = (options: CorsOptions = {}) => { || response.status == 101 ) return response - // clone the response - // response = response.clone() - - return appendHeadersAndReturn(response, { + return appendHeadersAndReturn(response.clone(), { 'access-control-allow-origin': getAccessControlOrigin(request), 'access-control-allow-credentials': credentials, })