From b8d0ec42381540db7eeec48e5118fc0dd566978c Mon Sep 17 00:00:00 2001
From: Tagan Hoyle <tagnum.elite@gmail.com>
Date: Mon, 14 Oct 2019 01:51:15 +0200
Subject: [PATCH] Add CORS Header to every request (#4171)

* Try enable universal cors

* Move handle from registerErrorHandlers because it isn't and error handler

* Add test for cors headers

Also add link to issue
---
 core/server/server.js      | 6 ++++++
 core/server/server.spec.js | 6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/core/server/server.js b/core/server/server.js
index aefe9f9ce1..d957f97e04 100644
--- a/core/server/server.js
+++ b/core/server/server.js
@@ -323,6 +323,12 @@ class Server {
     const { apiProvider: githubApiProvider } = this.githubConstellation
     suggest.setRoutes(allowedOrigin, githubApiProvider, camp)
 
+    // https://github.com/badges/shields/issues/3273
+    camp.handle((req, res, next) => {
+      res.setHeader('Access-Control-Allow-Origin', '*')
+      next()
+    })
+
     this.registerErrorHandlers()
     this.registerRedirects()
     this.registerServices()
diff --git a/core/server/server.spec.js b/core/server/server.spec.js
index 53acc855bc..929f3bc6f7 100644
--- a/core/server/server.spec.js
+++ b/core/server/server.spec.js
@@ -151,4 +151,10 @@ describe('The server', function() {
       .and.to.include('410')
       .and.to.include('jpg no longer available')
   })
+
+  it('should return cors header for the request', async function() {
+    const { statusCode, headers } = await got(`${baseUrl}npm/v/express.svg`)
+    expect(statusCode).to.equal(200)
+    expect(headers['access-control-allow-origin']).to.equal('*')
+  })
 })
-- 
GitLab