Add debug to cors middleware

lib/index.js

@@ -4,6 +4,7 @@
 
   var assign = require('object-assign');
   var vary = require('vary');
+  var debug = require('debug')('express:cors');
 
   var defaults = {
     origin: '*',
@@ -17,50 +18,61 @@
   }
 
   function isOriginAllowed(origin, allowedOrigin) {
+    debug('test of origin %s. AllowedOrigin: %O',  origin, allowedOrigin);
     if (Array.isArray(allowedOrigin)) {
       for (var i = 0; i < allowedOrigin.length; ++i) {
         if (isOriginAllowed(origin, allowedOrigin[i])) {
+          debug('isAllowedOrigin true');
           return true;
         }
       }
       return false;
     } else if (isString(allowedOrigin)) {
+      debug('isAllowedOrigin %s', origin === allowedOrigin);
       return origin === allowedOrigin;
     } else if (allowedOrigin instanceof RegExp) {
+      debug('isAllowedOrigin %s' , allowedOrigin.test(origin));  
       return allowedOrigin.test(origin);
     } else {
+      debug('isAllowedOrigin %s',!!allowedOrigin)
       return !!allowedOrigin;
     }
   }
 
   function configureOrigin(options, req) {
+    debug('Configure Origin');
     var requestOrigin = req.headers.origin,
       headers = [],
       isAllowed;
 
     if (!options.origin || options.origin === '*') {
       // allow any origin
+      debug('added header Access-Control-Allow-Origin *');
       headers.push([{
         key: 'Access-Control-Allow-Origin',
         value: '*'
       }]);
     } else if (isString(options.origin)) {
       // fixed origin
+      debug('added header Access-Control-Allow-Origin %s', options.origin);
       headers.push([{
         key: 'Access-Control-Allow-Origin',
         value: options.origin
       }]);
+      debug('added header Vary Origin');
       headers.push([{
         key: 'Vary',
         value: 'Origin'
       }]);
     } else {
       isAllowed = isOriginAllowed(requestOrigin, options.origin);
       // reflect origin
+      debug('added header Access-Control-Allow-Origin %s', isAllowed ? requestOrigin : false);
       headers.push([{
         key: 'Access-Control-Allow-Origin',
         value: isAllowed ? requestOrigin : false
       }]);
+      debug('added header Vary Origin');
       headers.push([{
         key: 'Vary',
         value: 'Origin'
@@ -71,18 +83,22 @@
   }
 
   function configureMethods(options) {
+    debug('Configure methods')
     var methods = options.methods;
     if (methods.join) {
       methods = options.methods.join(','); // .methods is an array, so turn it into a string
     }
+    debug('added header Access-Control-Allow-Methods %O', methods);
     return {
       key: 'Access-Control-Allow-Methods',
       value: methods
     };
   }
 
   function configureCredentials(options) {
+    debug('Configure Credentials')
     if (options.credentials === true) {
+      debug('added header Access-Control-Allow-Credentials true')
       return {
         key: 'Access-Control-Allow-Credentials',
         value: 'true'
@@ -92,11 +108,13 @@
   }
 
   function configureAllowedHeaders(options, req) {
+    debug('Configure Allowed Headers')
     var allowedHeaders = options.allowedHeaders || options.headers;
     var headers = [];
 
     if (!allowedHeaders) {
       allowedHeaders = req.headers['access-control-request-headers']; // .headers wasn't specified, so reflect the request headers
+      debug('added header Vary Access-Control-Request-Headers')
       headers.push([{
         key: 'Vary',
         value: 'Access-Control-Request-Headers'
@@ -105,6 +123,7 @@
       allowedHeaders = allowedHeaders.join(','); // .headers is an array, so turn it into a string
     }
     if (allowedHeaders && allowedHeaders.length) {
+      debug('added header Access-Control-Allow-Headers %s', allowedHeaders);
       headers.push([{
         key: 'Access-Control-Allow-Headers',
         value: allowedHeaders
@@ -115,13 +134,15 @@
   }
 
   function configureExposedHeaders(options) {
+    debug('Configure Exposed Headers')
     var headers = options.exposedHeaders;
     if (!headers) {
       return null;
     } else if (headers.join) {
       headers = headers.join(','); // .headers is an array, so turn it into a string
     }
     if (headers && headers.length) {
+      debug('added header Access-Control-Expose-Headers %s', headers);
       return {
         key: 'Access-Control-Expose-Headers',
         value: headers

package.json

@@ -13,6 +13,7 @@
   "repository": "expressjs/cors",
   "main": "./lib/index.js",
   "dependencies": {
+    "debug": "^4.3.1",
     "object-assign": "^4",
     "vary": "^1"
   },