feat: allow set CORS allow credentials header

packages/server/src/handlers/BaseHandler.ts

@@ -27,6 +27,9 @@ export class BaseHandler extends EventEmitter {
   }
 
   write(res: http.ServerResponse, status: number, headers = {}, body = '') {
+    if(this.options.allowedCredentials) {
+      res.setHeader('Access-Control-Allow-Credentials', 'true');
+    }
     if (status !== 204) {
       // @ts-expect-error not explicitly typed but possible
       headers['Content-Length'] = Buffer.byteLength(body, 'utf8')

packages/server/src/types.ts

@@ -34,6 +34,11 @@ export type ServerOptions = {
    */
   allowedHeaders?: string[]
 
+  /**
+   * set `Access-Control-Allow-Credentials` to true.
+   */
+  allowedCredentials?: boolean;
+
   /**
    * Interval in milliseconds for sending progress of an upload over `EVENTS.POST_RECEIVE_V2`
    */

packages/server/test/BaseHandler.test.ts

@@ -48,6 +48,17 @@ describe('BaseHandler', () => {
     done()
   })
 
+    it('write() should set Access-Control-Allow-Credentials', (done) => {
+    handler.options.allowedCredentials = true;
+    const header = 'Access-Control-Allow-Credentials'
+    const headers = {[header]: 'GET, OPTIONS'}
+    handler.write(res, 200, headers)
+    assert.equal(res.getHeader(header), 'true'])
+    handler.options.allowedCredentials = false;
+
+    done()
+  })
+
   it('write() should write the body', (done) => {
     const body = 'Hello tus!'
     handler.write(res, 200, {}, body)