Merge branch 'release-7.0.3'

.gitignore

@@ -36,6 +36,8 @@ scripts/coverage.svg
 
 test/kinesis-test-db
 
+.nyc_output/
+
 # Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files)
 .grunt
 

.travis.yml

@@ -6,8 +6,9 @@ notifications:
   slack: dadi:pnhiL60xOrm7GOglHUmb7xHK
   email: false
 node_js:
-  - '10'
   - '8'
+  - '10'
+  - 'lts/*'
 before_script:
   - npm prune
 branches:

CHANGELOG.md

@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+# [7.0.3] - 2019-08-22
+
+## Fixed
+
+* [#499](https://github.com/dadi/web/pull/499): add CORS headers to response from cache
+
 # [7.0.2] - 2019-06-19
 
 ## Fixed

CONTRIBUTING.md

@@ -15,7 +15,7 @@ Here are the guidelines we'd like you to follow:
 
 ## <a name="question"></a> Got a Question or Problem?
 
-Documentation is maintained under the `docs` branch and can be found on the [dadi.tech](https://dadi.tech) site.
+Documentation is maintained under the `docs` branch and can be found on the [dadi.cloud](https://dadi.cloud) site.
 
 If the documentation doesn't answer your problem please feel free to email the
 DADI team directly on: [email protected]

README.md

@@ -7,8 +7,8 @@
 
 ## DADI Web
 
-* [Overview](#overview)
-* [Getting started](#getting-started)
+- [Overview](#overview)
+- [Getting started](#getting-started)
 
 ## Overview
 
@@ -29,7 +29,7 @@ The [DADI Web Documentation](https://docs.dadi.cloud/web/) is the best place for
 DADI is a data centric development and delivery stack, built specifically in support of the principles of API first and COPE.
 
 Copyright notice<br />
-(C) 2019 DADI+ Limited <support@dadi.tech><br />
+(C) 2019 DADI+ Limited <support@dadi.cloud><br />
 All rights reserved
 
 This product is part of DADI.<br />
@@ -49,7 +49,7 @@ them, to determine what licences are applicable.**
 
 DADI is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 GNU General Public License for more details.
 
 The GNU General Public License (GPL) is available at

dadi/lib/cache/index.js

@@ -234,7 +234,10 @@ Cache.prototype.init = function () {
           return next()
         }
 
+        // Add standard cache response headers and configured CORS headers.
+        const configuredHeaders = config.get('headers').cors || {}
         const headers = {
+          ...configuredHeaders,
           'X-Cache-Lookup': 'HIT',
           'X-Cache': 'HIT',
           'Content-Type': contentType,
@@ -243,6 +246,10 @@ Cache.prototype.init = function () {
             'public, max-age=86400'
         }
 
+        if (headers['Access-Control-Allow-Origin'] && headers['Access-Control-Allow-Origin'] !== '*') {
+          headers['Vary'] = 'Origin'
+        }
+
         // Add compression headers
         if (shouldCompress) headers['Content-Encoding'] = shouldCompress
 

package.json

@@ -1,12 +1,12 @@
 {
   "name": "@dadi/web",
-  "version": "7.0.2",
+  "version": "7.0.3",
   "product": "DADI Web",
   "description": "A schemaless templating layer that can operate as a standalone platform or with DADI API as a full stack web application.",
   "main": "main.js",
   "scripts": {
     "start": "node ./start.js",
-    "test": "./node_modules/.bin/standard 'lib/**/*.js' | ./node_modules/.bin/snazzy && env NODE_ENV=test ./node_modules/.bin/istanbul cover -x '**/workspace/**' -x '**/app/**' --report cobertura --report text --report html --report lcov ./node_modules/mocha/bin/_mocha './test/{!(app),*}/*.js'",
+    "test": "./node_modules/.bin/standard 'lib/**/*.js' | ./node_modules/.bin/snazzy && env NODE_ENV=test ./node_modules/.bin/nyc -x '**/workspace/**' -x '**/app/**' --reporter=lcov ./node_modules/mocha/bin/_mocha './test/{!(app),*}/*.js' && ./node_modules/.bin/nyc report",
     "posttest": "node ./scripts/coverage.js",
     "snyk-protect": "snyk protect",
     "prepublishOnly": "npm run snyk-protect",
@@ -83,11 +83,11 @@
     "coveralls": "^3.0.2",
     "env-test": "~1.0.0",
     "husky": "~1.2.0",
-    "istanbul": "~0.4.5",
     "lint-staged": "~7.1.2",
     "mocha": "^5.2.0",
     "nock": "~10.0.0",
     "nodeunit": "~0.5.1",
+    "nyc": "^14.1.1",
     "prettier-standard": "^9.1.1",
     "should": "~13.2.0",
     "sinon": "~2.3.2",

test/acceptance/app.js

@@ -107,6 +107,123 @@ describe('Application', () => {
     })
   })
 
+  describe('CORS', () => {
+    it('should return CORS headers when not found in cache', done => {
+      const clientHost = `http://${config.get('server.host')}:${config.get(
+        'server.port'
+      )}`
+      const apiHost = `http://${config.get('api').host}:${
+        config.get('api').port
+      }`
+
+      const client = request(clientHost)
+      const endpoint1 =
+        '/1.0/library/categories?count=20&page=1&filter=%7B%22name%22:%22Crime%22%7D&fields=%7B%22name%22:1%7D&sort=%7B%22name%22:1%7D'
+      const scope2 = nock(apiHost)
+        .get(endpoint1)
+        .reply(200, JSON.stringify({ results: [{ name: 'Crime' }] }))
+
+      // create page 1
+      const page1 = page('page1', TestHelper.getPageSchema())
+      page1.datasources = ['categories']
+      page1.template = 'test.js'
+      page1.routes[0].path = '/categories/:category'
+      page1.events = []
+
+      const pages = []
+      pages.push(page1)
+
+      const headers = {
+        cors: {
+          'Access-Control-Allow-Origin': '*'
+        }
+      }
+
+      TestHelper.enableApiConfig().then(() => {
+        TestHelper.updateConfig({ headers })
+          .then(() => {
+            TestHelper.startServer(pages).then(() => {
+              client.get('/categories/Crime').end((err, res) => {
+                if (err) return done(err)
+                should.exist(res.headers['access-control-allow-origin'])
+                res.headers['access-control-allow-origin'].should.eql('*')
+                res.text.should.eql('<h3>Crime</h3>')
+
+                done()
+              })
+            })
+          })
+          .catch(err => {
+            console.log('err :', err)
+          })
+      })
+    })
+
+    it('should return CORS headers when found in cache', done => {
+      const clientHost = `http://${config.get('server.host')}:${config.get(
+        'server.port'
+      )}`
+      const apiHost = `http://${config.get('api').host}:${
+        config.get('api').port
+      }`
+
+      const client = request(clientHost)
+      const endpoint1 =
+        '/1.0/library/categories?count=20&page=1&filter=%7B%22name%22:%22Crime%22%7D&fields=%7B%22name%22:1%7D&sort=%7B%22name%22:1%7D'
+      const scope2 = nock(apiHost)
+        .get(endpoint1)
+        .reply(200, JSON.stringify({ results: [{ name: 'Crime' }] }))
+
+      // create page 1
+      const page1 = page('page1', TestHelper.getPageSchema())
+      page1.datasources = ['categories']
+      page1.template = 'test.js'
+      page1.routes[0].path = '/categories/:category'
+      page1.events = []
+
+      const pages = []
+      pages.push(page1)
+
+      const headers = {
+        cors: {
+          'Access-Control-Allow-Origin': '*'
+        }
+      }
+
+      TestHelper.enableApiConfig().then(() => {
+        TestHelper.updateConfig({ headers })
+          .then(() => {
+            TestHelper.startServer(pages).then(() => {
+              client.get('/categories/Crime').end((err, res) => {
+                if (err) return done(err)
+                should.exist(res.headers['x-cache'])
+                res.headers['x-cache'].should.eql('MISS')
+
+                should.exist(res.headers['access-control-allow-origin'])
+                res.headers['access-control-allow-origin'].should.eql('*')
+                res.text.should.eql('<h3>Crime</h3>')
+
+                client.get('/categories/Crime').end((err, res) => {
+                  if (err) return done(err)
+                  should.exist(res.headers['x-cache'])
+                  res.headers['x-cache'].should.eql('HIT')
+
+                  should.exist(res.headers['access-control-allow-origin'])
+                  res.headers['access-control-allow-origin'].should.eql('*')
+                  res.text.should.eql('<h3>Crime</h3>')
+
+                  done()
+                })
+              })
+            })
+          })
+          .catch(err => {
+            console.log('err :', err)
+          })
+      })
+    })
+  })
+
   describe('Status Endpoint', () => {
     describe('GET', () => {
       it('should return 405 error', done => {

workspace/pages/index.js

@@ -5,9 +5,9 @@ ${partials_header}
     <h2>Successfully installed and running!</h2>
   </header>
 
-  <p>If you are seeing this everything went well. The next step is to explore the <a href="http://docs.dadi.tech">documentation</a> and the source code to our site, <a href="https://dadi.tech">DADI.tech</a> as an <a href="https://github.com/dadi/dadi.tech">example project</a>.</p>
+  <p>If you are seeing this everything went well. The next step is to explore the <a href="http://docs.dadi.cloud">documentation</a> and the source code to our site, <a href="https://dadi.cloud">DADI.cloud</a> as an <a href="https://github.com/dadi/cloud">example project</a>.</p>
 
-  <p>Next time you need to install Web you could try using <a href="https://docs.dadi.tech/cli">DADI CLI</a> which gives you a default workspace.</p>
+  <p>Next time you need to install Web you could try using <a href="https://docs.dadi.cloud/cli">DADI CLI</a> which gives you a default workspace.</p>
 </article>
 
 ${partials_footer}