Merge pull request #4 from leroix/feature/master/allow-CORS-cookies

Feature/master/allow cors cookies

Author: yanatan16

README.md

@@ -59,6 +59,7 @@ nanoajax.ajax({url: '/some-post-url', method: 'POST', body: 'post=content&args=y
 - `method` `"GET", "POST", "PUT", etc`
 - `body` string body (if its not url-encoded, make sure to set `Content-Type` header)
 - `headers` header object
+- `withCredentials` `true or false` only applicable to CORS (does not work in IE)
 
 ## Compatibility
 

index.js

@@ -3,9 +3,15 @@ exports.ajax = function (params, callback) {
   var headers = params.headers || {}
     , body = params.body
     , method = params.method || (body ? 'POST' : 'GET')
+    , withCredentials = params.withCredentials || false
 
   var req = getRequest()
 
+  // has no effect in IE
+  // has no effect for same-origin requests
+  // has no effect in CORS if user has disabled 3rd party cookies
+  req.withCredentials = withCredentials
+
   req.onreadystatechange = function () {
     if (req.readyState == 4)
       callback(req.status, req.responseText, req)
@@ -34,4 +40,4 @@ function getRequest() {
 
 function setDefault(obj, key, value) {
   obj[key] = obj[key] || value
-}
+}

nanoajax.min.js

@@ -9,6 +9,7 @@
   "dependencies": {},
   "devDependencies": {
     "body-parser": "^1.6.2",
+    "cookie-parser": "^1.3.4",
     "express": "^4.8.2",
     "localtunnel": "^1.5.0",
     "morgan": "^1.2.2"

package.json

@@ -74,5 +74,22 @@ function defineTests(ajax) {
         done()
       })
     })
+
+    test('withCredentials', function (done) {
+      ajax('/cors-url', function (code, body) {
+        ajax({
+          url: body + '/cookie-setter'
+        , withCredentials: true
+        }, function (code, cookieValue) {
+          ajax({
+            url: body + '/cookie-verifier?cookie_value=' + cookieValue
+          , withCredentials: true
+          }, function (code) {
+            assert.equal(code, 200, 'Server could not verify cookie value')
+            done()
+          })
+        })
+      })
+    })
   }
-}
+}

test/index.js

@@ -11,6 +11,7 @@ var tunnel = localtunnel(process.env.ZUUL_PORT, function (err, tunnel) {
 app.use(require('morgan')('dev'))
 app.use(require('body-parser').urlencoded({extended:false}))
 app.use(require('body-parser').json())
+app.use(require('cookie-parser')())
 
 app.get('/nanoajax.min.js', function (req, res) {
   fs.createReadStream(__dirname + '/../nanoajax.min.js', {encoding:'utf8'})
@@ -49,4 +50,23 @@ app.get('/header', function (req, res) {
   res.send(req.headers['x-custom'])
 })
 
-app.listen(process.env.ZUUL_PORT)
+app.get('/cookie-setter', function (req, res) {
+  var randomNumber = Math.random() + ''
+  res.cookie('doge', randomNumber)
+  res.setHeader('Access-Control-Allow-Origin', req.get('origin'))
+  res.setHeader('Access-Control-Allow-Credentials', true)
+  res.send(randomNumber)
+})
+
+app.get('/cookie-verifier', function (req, res) {
+  res.setHeader('Access-Control-Allow-Origin', req.get('origin'))
+  res.setHeader('Access-Control-Allow-Credentials', true)
+
+  if (req.query.cookie_value !== req.cookies.doge) {
+    res.status(500).send('Could not verify cookie')
+  } else {
+    res.send('OK')
+  }
+})
+
+app.listen(process.env.ZUUL_PORT)