From 9acbafea6ebc045f54b416971ab58135c78e17f8 Mon Sep 17 00:00:00 2001
From: Slimani Mohammed <45685744+mohammedSlimani@users.noreply.github.com>
Date: Mon, 20 Nov 2023 11:09:52 +0100
Subject: [PATCH] fix: support for embedded cors for route params (#278)

* add support for imbedded cors for route params

* embedded cors in route params enhanced tests

* Update test/cors.test.js

Co-authored-by: Manuel Spigolon <behemoth89@gmail.com>

---------

Co-authored-by: Mohammed Slimani <mohammed.slimani@sinch.com>
Co-authored-by: Manuel Spigolon <behemoth89@gmail.com>
---
 index.js               |  2 +-
 test/cors.test.js      | 35 ++++++++++++++++++++++++++++++++++-
 test/preflight.test.js |  4 ++--
 3 files changed, 37 insertions(+), 4 deletions(-)

diff --git a/index.js b/index.js
index 28dfc9a..f113e81 100644
--- a/index.js
+++ b/index.js
@@ -72,7 +72,7 @@ function fastifyCors (fastify, opts, next) {
   // remove most headers (such as the Authentication header).
   //
   // This route simply enables fastify to accept preflight requests.
-  fastify.options('*', { schema: { hide: hideOptionsRoute } }, (req, reply) => {
+  fastify.options('/*', { schema: { hide: hideOptionsRoute } }, (req, reply) => {
     if (!req.corsPreflightEnabled) {
       // Do not handle preflight requests if the origin option disabled CORS
       reply.callNotFound()
diff --git a/test/cors.test.js b/test/cors.test.js
index 8819277..76e227f 100644
--- a/test/cors.test.js
+++ b/test/cors.test.js
@@ -354,7 +354,7 @@ test('Should support dynamic config. (Invalid function)', t => {
   t.plan(2)
 
   const fastify = Fastify()
-  fastify.register(cors, () => (a, b, c) => {})
+  fastify.register(cors, () => (a, b, c) => { })
 
   fastify.get('/', (req, reply) => {
     reply.send('ok')
@@ -942,3 +942,36 @@ test('Should support wildcard config /2', t => {
     t.equal(res.headers['access-control-allow-origin'], '*')
   })
 })
+
+test('should support embedded cors registration with route params', t => {
+  t.plan(3)
+
+  const fastify = Fastify()
+
+  const custom = async (instance, opts) => {
+    instance.register(cors, {
+      origin: ['example.com']
+    })
+
+    instance.get('/route1', (req, reply) => {
+      reply.send('ok')
+    })
+  }
+
+  fastify.register(custom, {
+    prefix: '/:id'
+  })
+
+  fastify.inject({
+    method: 'OPTIONS',
+    url: '/id1/route1',
+    headers: {
+      'access-control-request-method': 'GET',
+      origin: 'example.com'
+    }
+  }, (err, res) => {
+    t.error(err)
+    t.equal(res.statusCode, 204)
+    t.equal(res.headers['access-control-allow-origin'], 'example.com')
+  })
+})
diff --git a/test/preflight.test.js b/test/preflight.test.js
index f138915..42ed499 100644
--- a/test/preflight.test.js
+++ b/test/preflight.test.js
@@ -189,7 +189,7 @@ test('hide options route by default', t => {
   const fastify = Fastify()
 
   fastify.addHook('onRoute', (route) => {
-    if (route.method === 'OPTIONS' && route.url === '*') {
+    if (route.method === 'OPTIONS' && route.url === '/*') {
       t.equal(route.schema.hide, true)
     }
   })
@@ -206,7 +206,7 @@ test('show options route', t => {
   const fastify = Fastify()
 
   fastify.addHook('onRoute', (route) => {
-    if (route.method === 'OPTIONS' && route.url === '*') {
+    if (route.method === 'OPTIONS' && route.url === '/*') {
       t.equal(route.schema.hide, false)
     }
   })