Update default allowed headers in makeCorsHeaders

- Allow the caller to optionally provide a list - Add `traceparent`, `tracestate`, `X-Request-ID` and `X-Correlation-Id` by default.
2025-04-18 09:30:26 -05:00 · 2025-04-18 09:30:26 -05:00 · c6d02d7db7
commit c6d02d7db7
parent e44d476d88
2 changed files with 18 additions and 4 deletions
--- a/buffoonery.nimble
+++ b/buffoonery.nimble
@ -1,6 +1,6 @@
 # Package

-version       = "0.4.7"
+version       = "0.4.8"
 author        = "Jonathan Bernard"
 description   = "Jonathan's opinionated extensions and auth layer for Jester."
 license       = "MIT"
--- a/src/buffoonery/apiutils.nim
+++ b/src/buffoonery/apiutils.nim
@ -47,6 +47,7 @@ func `$`*(r: ApiResponse): string = $(%r)
 proc makeCorsHeaders*(
    allowedMethods: seq[string],
    allowedOrigins: seq[string],
+    allowedHeaders: Option[seq[string]],
    reqOrigin = none[string]()): HttpHeaders =

  result =
@ -55,7 +56,12 @@ proc makeCorsHeaders*(
        "Access-Control-Allow-Origin": reqOrigin.get,
        "Access-Control-Allow-Credentials": "true",
        "Access-Control-Allow-Methods": allowedMethods.join(","),
-        "Access-Control-Allow-Headers": "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,X-CSRF-TOKEN"
+        "Access-Control-Allow-Headers":
+          if allowedHeaders.isSome: allowedHeaders.get.join(",")
+          else:
+            "DNT,User-Agent,X-Requested-With,If-Modified-Since," &
+            "Cache-Control,Content-Type,Range,Authorization,X-CSRF-TOKEN," &
+            "traceparent,tracestate,X-Request-ID,X-Correlation-ID",
      }
    else:
      if reqOrigin.isSome:
@ -67,8 +73,16 @@ proc makeCorsHeaders*(
 proc makeCorsHeaders*(
    allowedMethods: seq[HttpMethod],
    allowedOrigins: seq[string],
+    allowedHeaders: Option[seq[string]],
    reqOrigin = none[string]()): HttpHeaders =
- makeCorsHeaders(allowedMethods.mapIt($it), allowedOrigins, reqOrigin )
+ makeCorsHeaders(allowedMethods.mapIt($it), allowedOrigins, allowedHeaders, reqOrigin )
+
+
+proc makeCorsHeaders*[T: HttpMethod or string](
+    allowedMethods: seq[T],
+    allowedOrigins: seq[string],
+    reqOrigin = none[string]()): HttpHeaders =
+ makeCorsHeaders(allowedMethods, allowedOrigins, none[seq[string]](), reqOrigin )


 func origin*(req: Request): Option[string] =