@Giorgiosaud
Last active December 5, 2022 20:51
Pre-request script to test a CORS preflight request
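/**
 * Reports which of the request's headers are not covered by the preflight
 * response's Access-Control-Allow-Headers value.
 *
 * Header names are compared case-insensitively and the lists are split on a
 * bare comma with surrounding whitespace trimmed, because servers commonly
 * answer with "Content-Type,X-Foo" (no space, mixed case). A strict
 * ', ' split would report those headers as missing.
 *
 * @param {object} optionsResponse - Response of the OPTIONS request; its
 *   `headers` collection must support `find` over `{ key, value }` entries.
 * @param {string} originalHeaders - Comma-separated names of the headers the
 *   real request would send.
 * @returns {void} Findings are written to the console only.
 */
function verifyCustomHeaders(optionsResponse, originalHeaders) {
  // Split a comma-separated header list into trimmed, non-empty names.
  const toNames = (list) =>
    String(list)
      .split(',')
      .map((name) => name.trim())
      .filter((name) => name.length > 0);

  const allowHeader = optionsResponse.headers.find(
    (header) => header.key.toLowerCase() === 'access-control-allow-headers'
  );
  if (!allowHeader) {
    console.error('header "Access-Control-Allow-Headers" missing in option request');
    return;
  }

  const allowed = new Set(toNames(allowHeader.value).map((name) => name.toLowerCase()));
  const hasWildcard = allowed.has('*');

  const missing = toNames(originalHeaders).filter((name) => {
    const lowered = name.toLowerCase();
    if (allowed.has(lowered)) {
      return false;
    }
    // "*" covers every header except Authorization, which must always be
    // listed explicitly.
    return !(hasWildcard && lowered !== 'authorization');
  });

  if (hasWildcard) {
    // The script cannot tell whether the real request carries credentials,
    // so the wildcard match is reported rather than silently trusted.
    console.warn(
      '"Access-Control-Allow-Headers" is "*": browsers honour the wildcard only for requests without credentials'
    );
  }
  if (missing.length > 0) {
    console.error(`missing "${missing.join(', ')}" "Access-Control-Allow-Headers"`);
  }
}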
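/**
 * Postman pre-request script: replays the current request as a CORS preflight
 * (OPTIONS with Origin / Access-Control-Request-* headers) and reports on the
 * response.
 *
 * Besides checking that the CORS response headers are present, the values are
 * compared with what was asked for, because a header that is present but does
 * not match the origin or method fails in the browser just the same.
 *
 * Throws a TypeError when the request has no Origin header.
 */
(function () {
  const request = pm.request;
  const url = request.url.toString();
  const requestMethod = request.method;
  const headers = request.headers.toObject();
  // NOTE(review): relies on the key being the lowercase "origin" in the object
  // returned by toObject(); confirm for headers entered as "Origin".
  const origin = headers.origin;
  if (!origin) {
    throw new TypeError('The request must have an Origin header to attempt a preflight please add it to test the preflight request');
  }
  console.info(`Checking preflight request for ${origin}`);

  // Origin is sent on its own; every other header is announced through
  // Access-Control-Request-Headers.
  delete headers.origin;
  const requestHeaders = Object.keys(headers).join(', ');

  const isSimpleMethod = ['GET', 'HEAD', 'POST'].includes(requestMethod);
  if (!isSimpleMethod) {
    console.warn(`The request uses ${requestMethod}, so a preflight will be required`);
  } else if (requestHeaders) {
    console.warn(`The request has custom headers, so a preflight will be required with this custom headers: ${requestHeaders}`);
  } else {
    console.info("A preflight may not be required for this request but we'll attempt it anyway");
  }

  const preflightHeaders = {
    Origin: origin,
    'Access-Control-Request-Method': requestMethod
  };
  if (requestHeaders) {
    preflightHeaders['Access-Control-Request-Headers'] = requestHeaders;
  }

  pm.sendRequest({
    url,
    method: 'OPTIONS',
    header: preflightHeaders
  }, (err, optionsResponse) => {
    if (err) {
      // Error's second argument is an options bag, not a message part, so
      // `new Error('Error:', err)` dropped the failure detail entirely.
      const detail = err && err.message ? err.message : String(err);
      throw new Error(`Error: ${detail}`);
    }

    const status = optionsResponse.code;
    console.info(`Preflight response has status code ${status}`);
    if (status < 200 || status > 299) {
      // Browsers reject a preflight whose status is outside 2xx, whatever
      // headers it carries.
      console.error(`Preflight must answer with a 2xx status, got ${status}`);
    }

    if (requestHeaders) {
      verifyCustomHeaders(optionsResponse, requestHeaders);
    }

    console.info(`verifiying other headers:`);
    const optionalCustomHeaders = [
      'access-control-allow-origin',
      'access-control-allow-methods',
      'access-control-allow-credentials',
      'access-control-max-age'
    ];
    const headersArray = optionsResponse.headers.map((header) => header.key.toLowerCase());
    const missingCustomHeadersArray = optionalCustomHeaders.filter((name) => !headersArray.includes(name));
    if (missingCustomHeadersArray.length > 0) {
      console.error(`Cors Failure headers posibbly missing "${missingCustomHeadersArray.join(', ')}"`);
    }

    // Returns the trimmed value of a response header, or undefined if absent.
    const headerValue = (name) => {
      const found = optionsResponse.headers.find((header) => header.key.toLowerCase() === name);
      return found ? String(found.value).trim() : undefined;
    };

    const allowOrigin = headerValue('access-control-allow-origin');
    const allowCredentials = headerValue('access-control-allow-credentials');
    if (allowOrigin !== undefined && allowOrigin !== '*' && allowOrigin !== origin) {
      console.error(`"Access-Control-Allow-Origin" is "${allowOrigin}" but the request origin is "${origin}"`);
    }
    if (allowOrigin === '*' && allowCredentials === 'true') {
      console.warn('"Access-Control-Allow-Origin: *" together with "Access-Control-Allow-Credentials: true" is rejected by browsers for credentialed requests');
    }
    // A match on the configured Origin does not show the server keeps an
    // allow-list: an API that echoes any Origin while allowing credentials
    // would pass this check too, so the server-side list still needs review.

    const allowMethods = headerValue('access-control-allow-methods');
    if (!isSimpleMethod && allowMethods !== undefined) {
      const permitted = allowMethods.split(',').map((method) => method.trim().toUpperCase());
      if (!permitted.includes('*') && !permitted.includes(requestMethod.toUpperCase())) {
        console.error(`"Access-Control-Allow-Methods" does not include ${requestMethod}`);
      }
    }
  });
})();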