fix: Calling all options even if origin header is not present (#87)

As Origin header is not set in all fetch. I understand that we need to be able to validade, even if the origin is not present. We are still following https://fetch.spec.whatwg.org/#http-origin but grating headers to be added to response on user needs

Fix #18

Author: CleberRossi

index.js

@@ -58,8 +58,6 @@ module.exports = function(options) {
     // https://github.com/rs/cors/issues/10
     ctx.vary('Origin');
 
-    if (!requestOrigin) return await next();
-
     let origin;
     if (typeof options.origin === 'function') {
       origin = await options.origin(ctx);

test/cors.test.js

@@ -77,6 +77,14 @@ describe('cors.test.js', function() {
         .expect({ foo: 'bar' })
         .expect(200, done);
     });
+
+    it('should always set `Access-Control-Allow-Origin` to *, even if no Origin is passed on request', function(done) {
+      request(app.listen())
+        .get('/')
+        .expect('Access-Control-Allow-Origin', '*')
+        .expect({ foo: 'bar' })
+        .expect(200, done);
+    });
   });
 
   describe('options.secureContext=true', function() {