Pre request script to test preflight request
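/**
 * Reports, via console.error, any header announced in the preflight's
 * Access-Control-Request-Headers that the response's
 * Access-Control-Allow-Headers does not permit.
 *
 * Header names are compared case-insensitively and the lists are split on
 * commas with surrounding whitespace ignored, so "Content-Type,X-Token" and
 * "content-type, x-token" are treated as the same list.
 *
 * @param {{headers: {find: Function}}} optionsResponse - Preflight response; its
 *   `headers` collection must support `find` over `{key, value}` entries.
 * @param {string} originalHeaders - Comma-separated header names that were sent
 *   in Access-Control-Request-Headers.
 * @returns {void}
 */
function verifyCustomHeaders(optionsResponse, originalHeaders) {
  const allowHeader = optionsResponse.headers.find(
    (header) => header.key.toLowerCase() === 'access-control-allow-headers'
  );
  if (!allowHeader) {
    console.error('header "Access-Control-Allow-Headers" missing in option request');
    return;
  }

  // Servers are free to emit "a,b" or "a, b"; splitting on ', ' alone misreads the former.
  const toNames = (list) =>
    String(list)
      .split(',')
      .map((name) => name.trim())
      .filter((name) => name !== '');

  const allowed = new Set(toNames(allowHeader.value).map((name) => name.toLowerCase()));

  // "*" allows any header except Authorization, which must always be listed by name.
  // Browsers honour the wildcard only for requests made without credentials, so a
  // clean result here does not prove a credentialed request would pass.
  const hasWildcard = allowed.has('*');

  const missing = toNames(originalHeaders).filter((name) => {
    const lowered = name.toLowerCase();
    if (allowed.has(lowered)) {
      return false;
    }
    return !(hasWildcard && lowered !== 'authorization');
  });

  if (missing.length > 0) {
    console.error(`missing "${missing.join(', ')}" "Access-Control-Allow-Headers"`);
  }
}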
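/**
 * Postman pre-request script body: sends the CORS preflight (OPTIONS) request
 * that corresponds to the current request and logs what looks wrong with the
 * response.
 *
 * Requires an Origin header on the request; throws TypeError when it is absent.
 * All findings are written to the Postman console; nothing is returned.
 */
(function () {
  const request = pm.request;
  const url = request.url.toString();
  const requestMethod = request.method;
  const headers = request.headers.toObject();
  const origin = headers.origin;
  if (!origin) {
    throw new TypeError('The request must have an Origin header to attempt a preflight please add it to test the preflight request');
  }
  console.info(`Checking preflight request for ${origin}`);

  // Origin travels as its own preflight header, so it is not listed in
  // Access-Control-Request-Headers.
  delete headers.origin;

  // NOTE(review): every remaining header is announced, including ones a browser
  // may treat as CORS-safelisted, so this check can be stricter than a real
  // browser preflight.
  const requestHeaders = Object.keys(headers).join(', ');
  const isSafelistedMethod = ['GET', 'HEAD', 'POST'].includes(requestMethod);

  if (!isSafelistedMethod) {
    console.warn(`The request uses ${requestMethod}, so a preflight will be required`);
  } else if (requestHeaders) {
    console.warn(`The request has custom headers, so a preflight will be required with this custom headers: ${requestHeaders}`);
  } else {
    console.info("A preflight may not be required for this request but we'll attempt it anyway");
  }

  const preflightHeaders = {
    Origin: origin,
    'Access-Control-Request-Method': requestMethod
  };
  if (requestHeaders) {
    preflightHeaders['Access-Control-Request-Headers'] = requestHeaders;
  }

  pm.sendRequest({
    url,
    method: 'OPTIONS',
    header: preflightHeaders
  }, (err, optionsResponse) => {
    if (err) {
      // Error's second argument is an options bag, not extra message text, so
      // the underlying failure has to be placed in the message itself.
      const reason = err && err.message ? err.message : String(err);
      throw new Error(`Error: ${reason}`);
    }

    console.info(`Preflight response has status code ${optionsResponse.code}`);
    // A browser accepts a preflight only when the response status is 2xx.
    if (optionsResponse.code < 200 || optionsResponse.code > 299) {
      console.error(`Preflight response status ${optionsResponse.code} is not 2xx, so a browser would reject the preflight`);
    }

    if (requestHeaders) {
      verifyCustomHeaders(optionsResponse, requestHeaders);
    }

    console.info(`verifiying other headers:`);
    const optionalCustomHeaders = [
      'access-control-allow-origin',
      'access-control-allow-methods',
      'access-control-allow-credentials',
      'access-control-max-age'
    ];
    const presentHeaderNames = optionsResponse.headers.map((header) => header.key.toLowerCase());
    const missingCustomHeadersArray = optionalCustomHeaders.filter((name) => !presentHeaderNames.includes(name));
    if (missingCustomHeadersArray.length > 0) {
      // Only Access-Control-Allow-Origin is needed on every preflight response; the
      // other three are conditional, hence "possibly" in the message.
      console.error(`Cors Failure headers posibbly missing "${missingCustomHeadersArray.join(', ')}"`);
    }

    // Presence alone does not make the preflight pass: the values must match too.
    const readHeader = (name) => {
      const found = optionsResponse.headers.find((header) => header.key.toLowerCase() === name);
      return found ? String(found.value).trim() : undefined;
    };
    const allowOrigin = readHeader('access-control-allow-origin');
    const allowCredentials = readHeader('access-control-allow-credentials');
    const allowMethods = readHeader('access-control-allow-methods');

    if (allowOrigin !== undefined && allowOrigin !== '*' && allowOrigin !== origin) {
      console.error(`"Access-Control-Allow-Origin" is "${allowOrigin}", which does not match the request origin "${origin}"`);
    }
    if (allowOrigin === '*' && allowCredentials === 'true') {
      console.error('"Access-Control-Allow-Origin: *" cannot be combined with "Access-Control-Allow-Credentials: true"; browsers reject credentialed requests against a wildcard origin');
    }
    // When the origin is echoed back together with credentials "true", this script
    // cannot tell an allowlist from blind reflection of the Origin header; repeat
    // the check with an origin that should be refused to confirm the server
    // validates it.

    if (allowMethods !== undefined && !isSafelistedMethod) {
      const permittedMethods = allowMethods.split(',').map((method) => method.trim());
      if (!permittedMethods.includes(requestMethod) && !permittedMethods.includes('*')) {
        console.error(`"Access-Control-Allow-Methods" is "${allowMethods}", which does not include ${requestMethod}`);
      }
    }
  });
})();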