fix(cors): allow intercepting cors requests on chromium (#2643)

2020-06-19 17:14:32 -07:00 · 2020-06-19 17:14:32 -07:00 · eac7dab8b7
parent 2251f9bedb
commit eac7dab8b7
4 changed files with 124 additions and 3 deletions
--- a/browsers.json
+++ b/browsers.json
@ -10,7 +10,7 @@
    },
    {
      "name": "webkit",
-      "revision": "1290"
+      "revision": "1292"
    }
  ]
 }
--- a/src/chromium/crNetworkManager.ts
+++ b/src/chromium/crNetworkManager.ts
@ -187,8 +187,28 @@ export class CRNetworkManager {
    }

    if (!frame) {
-      if (requestPausedEvent)
-        this._client._sendMayFail('Fetch.continueRequest', { requestId: requestPausedEvent.requestId });
+      if (requestPausedEvent) {
+        // CORS options request is generated by the network stack, it is not associated with the frame id.
+        // If URL matches interception pattern, accept it, assuming that this was intended when setting route.
+        if (requestPausedEvent.request.method === 'OPTIONS' && this._page._isRouted(requestPausedEvent.request.url)) {
+          const requestHeaders = requestPausedEvent.request.headers;
+          const responseHeaders: Protocol.Fetch.HeaderEntry[] = [
+            { name: 'Access-Control-Allow-Origin', value: requestHeaders['Access-Control-Allow-Methods'] || '*' },
+            { name: 'Access-Control-Allow-Methods', value: requestHeaders['Access-Control-Request-Method'] || 'GET, POST, OPTIONS, DELETE' }
+          ];
+          if (requestHeaders['Access-Control-Request-Headers'])
+            responseHeaders.push({ name: 'Access-Control-Allow-Headers', value: requestHeaders['Access-Control-Request-Headers'] });
+          this._client._sendMayFail('Fetch.fulfillRequest', {
+            requestId: requestPausedEvent.requestId,
+            responseCode: 204,
+            responsePhrase: network.STATUS_TEXTS['204'],
+            responseHeaders,
+            body: '',
+          });
+        } else {
+          this._client._sendMayFail('Fetch.continueRequest', { requestId: requestPausedEvent.requestId });
+        }
+      }
      return;
    }
    let allowInterception = this._userRequestInterceptionEnabled;
--- a/src/page.ts
+++ b/src/page.ts
@ -425,6 +425,18 @@ export class Page extends EventEmitter {
    route.continue();
  }

+  _isRouted(requestURL: string): boolean {
+    for (const { url } of this._routes) {
+      if (helper.urlMatches(requestURL, url))
+        return true;
+    }
+    for (const { url } of this._browserContext._routes) {
+      if (helper.urlMatches(requestURL, url))
+        return true;
+    }
+    return false;
+  }
+
  async screenshot(options?: types.ScreenshotOptions): Promise<Buffer> {
    return this._screenshotter.screenshotPage(options);
  }
--- a/test/interception.spec.js
+++ b/test/interception.spec.js
@ -397,6 +397,95 @@ describe('Page.route', function() {
    }, server.PREFIX + '/redirect_this');
    expect(text).toBe('');
  });
+
+  it('should support cors with GET', async({page, server}) => {
+    await page.goto(server.EMPTY_PAGE);
+    await page.route('**/cars*', async (route, request) => {
+      const headers = request.url().endsWith('allow') ? { 'access-control-allow-origin': '*' } : {};
+      await route.fulfill({
+        contentType: 'application/json',
+        headers,
+        status: 200,
+        body: JSON.stringify(['electric', 'gas']),
+      });
+    });
+    {
+      // Should succeed
+      const resp = await page.evaluate(async () => {
+        const response = await fetch('https://example.com/cars?allow', { mode: 'cors' });
+        return response.json();
+      });
+      expect(resp).toEqual(['electric', 'gas']);
+    }
+    {
+      // Should be rejected
+      const error = await page.evaluate(async () => {
+        const response = await fetch('https://example.com/cars?reject', { mode: 'cors' });
+        return response.json();
+      }).catch(e => e);
+      expect(error.message).toContain('failed');
+    }
+  });
+
+  it('should support cors with POST', async({page, server}) => {
+    await page.goto(server.EMPTY_PAGE);
+    await page.route('**/cars', async (route) => {
+      await route.fulfill({
+        contentType: 'application/json',
+        headers: { 'Access-Control-Allow-Origin': '*' },
+        status: 200,
+        body: JSON.stringify(['electric', 'gas']),
+      });
+    });
+    const resp = await page.evaluate(async () => {
+      const response = await fetch('https://example.com/cars', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        mode: 'cors',
+        body: JSON.stringify({ 'number': 1 }) 
+      });
+      return response.json();
+    });
+    expect(resp).toEqual(['electric', 'gas']);
+  });
+
+  it('should support cors for different methods', async({page, server}) => {
+    await page.goto(server.EMPTY_PAGE);
+    await page.route('**/cars', async (route, request) => {
+      await route.fulfill({
+        contentType: 'application/json',
+        headers: { 'Access-Control-Allow-Origin': '*' },
+        status: 200,
+        body: JSON.stringify([request.method(), 'electric', 'gas']),
+      });
+    });
+    // First POST
+    {
+      const resp = await page.evaluate(async () => {
+        const response = await fetch('https://example.com/cars', {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          mode: 'cors',
+          body: JSON.stringify({ 'number': 1 }) 
+        });
+        return response.json();
+      });
+      expect(resp).toEqual(['POST', 'electric', 'gas']);        
+    }
+    // Then DELETE
+    {
+      const resp = await page.evaluate(async () => {
+        const response = await fetch('https://example.com/cars', {
+          method: 'DELETE',
+          headers: {},
+          mode: 'cors',
+          body: '' 
+        });
+        return response.json();
+      });
+      expect(resp).toEqual(['DELETE', 'electric', 'gas']);        
+    }
+  });
 });

 describe('Request.continue', function() {