asset_access_control 0.0.1

data/.gitignore

@@ -0,0 +1,5 @@
+*.gem
+.bundle
+Gemfile.lock
+pkg/*
+*.swp

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--format progress

data/CHANGELOG.md

@@ -0,0 +1,37 @@
+### master
+
+### 0.1.1 / 2012-01-18
+
+[full changelog](https://github.com/rubymaverick/font_assets/compare/v0.1.0...v0.1.1)
+
+Bug Fixes
+
+* Fix Rack::File#empty? call in middleware causing an exception.
+
+### 0.1.0 / 2012-01-18
+
+[full changelog](https://github.com/rubymaverick/font_assets/compare/v0.0.2...v0.1.0)
+
+Enhancements
+
+* Refactor MIME type settings into a local object.
+* Add RSpec specs on the middleware and mime type handler.
+* Update the README with more detail and examples.
+* Fixed a typo in "ttf" in the middleware.
+* Removed duplicate Railtie definition.
+
+Bug Fixes
+
+* Fix MIME types not being properly set in recent versions of Rack (starting in [Rack 1.3.0](https://github.com/rack/rack/commit/469518f7d971ba99fc335cf546d605d2364c81aa))
+
+### 0.0.2 / 2011-12-15
+
+[full changelog](https://github.com/rubymaverick/font_assets/compare/v0.0.1...v0.0.2)
+
+Enhancements
+
+* Make MIME setting more future-compatible by optionally setting it.
+
+### 0.0.1 / 2011-12-15
+
+Initial release.

data/Gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in font_assets.gemspec
+gemspec

data/README.md

@@ -0,0 +1,111 @@
+Font Assets
+=============
+
+This little gem helps serve font-face assets in Rails 3.1.  It really does these
+two things:
+
+* Responds with "proper" mime types for woff, eot, tff, and svg font files, and
+* Sets Access-Control-Allow-Origin response headers for font assets, which Firefox requires for cross domain fonts.
+
+In addition, it will also respond to the pre-flight OPTIONS requests made by
+supporting browsers (Firefox).
+
+Install
+-------
+
+Add `font_assets` to your Gemfile:
+
+```ruby
+gem 'font_assets'
+```
+
+
+Usage
+-----
+
+By default, in a Rails application, this gem should Just Work™.  However, the
+default settings allow any requesting site to use the linked fonts, due to the
+Allowed Origin being '*', by default.  This is only useful for browsers which
+support this feature (Firefox), but restricting it to certain domains may be
+beneficial.
+
+Set the origin domain that will get set in the `Access-Control-Allow-Origin`
+header:
+
+```ruby
+# in config/environments/production.rb
+config.font_assets.origin = 'http://codeschool.com'
+```
+
+The origin domain must match the domain of the site serving the page that is
+requesting the font, not the host of the font.  For example, if you are using a
+CDN to serve your assets (like CloudFront), and the full path to the font asset
+is `http://d3rd6rvl24noqd.cloudfront.net/assets/fonts/Pacifico-webfont-734f1436e605566ae2f1c132905e28b2.woff`,
+but the URI the user is visiting is `http://coffeescript.codeschool.com/level/1`,
+you'd want to set the origin header to this:
+
+```ruby
+config.font_assets.origin = 'http://coffeescript.codeschool.com'
+```
+
+An Example Response
+-------------------
+
+Below is an example response for a .woff font asset on a Rails 3.1 application
+running behind several proxies and caches (including CloudFront):
+
+```
+$ curl -i http://d1tijy5l7mg5kk.cloudfront.net/assets/ubuntu/Ubuntu-Bold-webfont-4bcb5239bfd34be67bc07901959fc6e1.woff
+HTTP/1.0 200 OK
+Server: nginx
+Date: Sat, 14 Jan 2012 19:45:19 GMT
+Content-Type: application/x-font-woff
+Last-Modified: Sat, 14 Jan 2012 16:58:14 GMT
+Cache-Control: public, max-age=31557600
+Access-Control-Allow-Origin: http://www.codeschool.com
+Access-Control-Allow-Methods: GET
+Access-Control-Allow-Headers: x-requested-with
+Access-Control-Max-Age: 3628800
+X-Content-Digest: 66049433125f563329c4178848643536f76459e5
+X-Rack-Cache: fresh
+Content-Length: 17440
+X-Varnish: 311344447
+Age: 289983
+X-Cache: Hit from cloudfront
+X-Amz-Cf-Id: 9yzifs_hIQF_MxPLwSR8zck3eZVXJ8LFKpMUpXnu2SmMuEmyrUbHdQ==,Lbh9kfjr0YRm77seSmOSQ6oFkUEMabvtFStJLhTOy9BfGrIXVneoKQ==
+Via: 1.1 varnish, 1.0 2815dd16e8c2a0074b81a6148bd8aa3a.cloudfront.net:11180 (CloudFront), 1.0 f9e7403ca14431787835521769ace98a.cloudfront.net:11180 (CloudFront)
+Connection: close
+```
+
+In it, you can see where this middleware has injected the `Content-Type` and
+`Access-Control-*` headers into the response.
+
+And below is an example OPTIONS request response:
+
+```
+$ curl -i -X OPTIONS http://www.codeschool.com/
+HTTP/1.1 200 OK
+Server: nginx
+Date: Wed, 18 Jan 2012 04:13:25 GMT
+Connection: keep-alive
+Access-Control-Allow-Origin: http://www.codeschool.com
+Access-Control-Allow-Methods: GET
+Access-Control-Allow-Headers: x-requested-with
+Access-Control-Max-Age: 3628800
+Vary: Accept-Encoding
+X-Rack-Cache: invalidate, pass
+Content-Length: 0
+```
+
+License
+-------
+
+Font Assets is released under the MIT license.
+
+Contributors
+------------
+
+* [Nathanial Bibler](https://github.com/nbibler)
+* [Eric Allam](https://github.com/rubymaverick)
+* [Ryan Montgomery](https://github.com/rmontgomery429)
+* [Jack Foy](https://github.com/jfoy)

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/asset_access_control.gemspec

@@ -0,0 +1,24 @@
+
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "asset_access_control/version"
+
+Gem::Specification.new do |s|
+  s.name        = "asset_access_control"
+  s.version     = AssetAccessControl::VERSION
+  s.authors     = ["Eric Allam"]
+  s.email       = ["rubymaverick@gmail.com"]
+  s.homepage    = "https://github.com/rubymaverick/asset_access_control"
+  s.summary     = %q{Set Access Control headers on asset requests in Rails 3.1}
+  s.description = %q{Set Access Control headers on asset requests in Rails 3.1}
+
+  s.rubyforge_project = "asset_access_control"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+
+  s.add_dependency "rack"
+  s.add_development_dependency "rspec", "~>2.0"
+end

data/bin/autospec

@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby
+#
+# This file was generated by Bundler.
+#
+# The application 'autospec' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require 'pathname'
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path("../../Gemfile",
+  Pathname.new(__FILE__).realpath)
+
+require 'rubygems'
+require 'bundler/setup'
+
+load Gem.bin_path('rspec-core', 'autospec')

data/bin/htmldiff

@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby
+#
+# This file was generated by Bundler.
+#
+# The application 'htmldiff' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require 'pathname'
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path("../../Gemfile",
+  Pathname.new(__FILE__).realpath)
+
+require 'rubygems'
+require 'bundler/setup'
+
+load Gem.bin_path('diff-lcs', 'htmldiff')

data/bin/ldiff

@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby
+#
+# This file was generated by Bundler.
+#
+# The application 'ldiff' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require 'pathname'
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path("../../Gemfile",
+  Pathname.new(__FILE__).realpath)
+
+require 'rubygems'
+require 'bundler/setup'
+
+load Gem.bin_path('diff-lcs', 'ldiff')

data/bin/rackup

@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby
+#
+# This file was generated by Bundler.
+#
+# The application 'rackup' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require 'pathname'
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path("../../Gemfile",
+  Pathname.new(__FILE__).realpath)
+
+require 'rubygems'
+require 'bundler/setup'
+
+load Gem.bin_path('rack', 'rackup')

data/bin/rspec

@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby
+#
+# This file was generated by Bundler.
+#
+# The application 'rspec' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require 'pathname'
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path("../../Gemfile",
+  Pathname.new(__FILE__).realpath)
+
+require 'rubygems'
+require 'bundler/setup'
+
+load Gem.bin_path('rspec-core', 'rspec')

data/lib/asset_access_control/middleware.rb

@@ -0,0 +1,47 @@
+require 'rack'
+
+module AssetAccessControl
+  class Middleware
+
+    def initialize(app, origin)
+      @app = app
+      @origin = origin
+    end
+
+    def access_control_headers
+      {
+        "Access-Control-Allow-Origin" => @origin,
+        "Access-Control-Allow-Methods" => "GET",
+        "Access-Control-Allow-Headers" => "x-requested-with",
+        "Access-Control-Max-Age" => "3628800"
+      }
+    end
+
+    def call(env)
+      # intercept the "preflight" request
+      if env["REQUEST_METHOD"] == "OPTIONS"
+        return [200, access_control_headers, []]
+      else
+        code, headers, body = @app.call(env)
+        set_headers! headers, body, env["PATH_INFO"]
+        [code, headers, body]
+      end
+    end
+
+    private
+
+    def extension(path)
+      "." + path.split("?").first.split(".").last
+    end
+
+    def asset?(path)
+      %w(.css .js).include? extension(path)
+    end
+
+    def set_headers!(headers, body, path)
+      if ext = extension(path) and asset?(ext)
+        headers.merge!(access_control_headers)
+      end
+    end
+  end
+end

data/lib/asset_access_control/railtie.rb

@@ -0,0 +1,13 @@
+require 'asset_access_control/middleware'
+
+module AssetAccessControl
+  class Railtie < Rails::Railtie
+    config.asset_access_control = ActiveSupport::OrderedOptions.new
+
+    initializer "asset_access_control.configure_rails_initialization" do |app|
+      config.asset_access_control.origin ||= "*"
+
+      app.middleware.insert_before 'Rack::Lock', AssetAccessControl::Middleware, config.asset_access_control.origin
+    end
+  end
+end

data/lib/asset_access_control/version.rb

@@ -0,0 +1,3 @@
+module AssetAccessControl
+  VERSION = "0.0.1"
+end

data/lib/asset_access_control.rb

@@ -0,0 +1,5 @@
+require "asset_access_control/version"
+require "asset_access_control/railtie" if defined?(Rails)
+
+module AssetAccessControl
+end

data/spec/middleware_spec.rb

@@ -0,0 +1,88 @@
+require 'spec_helper'
+require 'asset_access_control/middleware'
+
+describe AssetAccessControl::Middleware do
+  it 'passes all Rack::Lint checks' do
+    app = Rack::Lint.new(load_app)
+    request app, '/'
+  end
+
+  context 'for GET requests' do
+    context 'to a css asset' do
+      let(:app) { load_app 'http://test.origin' }
+      let(:response) { request app, '/test.css' }
+
+      context 'the response headers' do
+        subject { response[1] }
+
+        its(["Access-Control-Allow-Headers"]) { should == "x-requested-with" }
+        its(["Access-Control-Max-Age"]) { should == "3628800" }
+        its(['Access-Control-Allow-Methods']) { should == 'GET' }
+        its(['Access-Control-Allow-Origin']) { should == 'http://test.origin' }
+      end
+    end
+
+    context 'to a js asset' do
+      let(:app) { load_app 'http://test.origin' }
+      let(:response) { request app, '/test.js' }
+
+      context 'the response headers' do
+        subject { response[1] }
+
+        its(["Access-Control-Allow-Headers"]) { should == "x-requested-with" }
+        its(["Access-Control-Max-Age"]) { should == "3628800" }
+        its(['Access-Control-Allow-Methods']) { should == 'GET' }
+        its(['Access-Control-Allow-Origin']) { should == 'http://test.origin' }
+      end
+    end
+
+    context 'to a non asset' do
+      let(:app) { load_app }
+      let(:response) { request app, '/' }
+
+      context 'the response headers' do
+        subject { response[1] }
+
+        its(["Access-Control-Allow-Headers"]) { should be_nil }
+        its(["Access-Control-Max-Age"]) { should be_nil }
+        its(['Access-Control-Allow-Methods']) { should be_nil }
+        its(['Access-Control-Allow-Origin']) { should be_nil }
+      end
+    end
+  end
+
+  context 'for OPTIONS requests' do
+    let(:app) { load_app 'http://test.options' }
+    let(:response) { request app, '/test.css', :method => 'OPTIONS' }
+
+    context 'the response headers' do
+      subject { response[1] }
+
+      its(["Access-Control-Allow-Headers"]) { should == "x-requested-with" }
+      its(["Access-Control-Max-Age"]) { should == "3628800" }
+      its(['Access-Control-Allow-Methods']) { should == 'GET' }
+      its(['Access-Control-Allow-Origin']) { should == 'http://test.options' }
+    end
+
+    context 'the response body' do
+      subject { response[2] }
+      it { should be_empty }
+    end
+  end
+
+
+  private
+
+
+  def load_app(origin = 'http://test.local')
+    described_class.new(inner_app, origin)
+  end
+
+  def inner_app
+    lambda { |env| [200, {'Content-Type' => 'text/plain'}, 'Success'] }
+  end
+
+  def request(app, path, options = {})
+    app.call Rack::MockRequest.env_for(path, options)
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,5 @@
+RSpec.configure do |config|
+  config.treat_symbols_as_metadata_keys_with_true_values = true
+  config.run_all_when_everything_filtered = true
+  config.filter_run :focus
+end

metadata

@@ -0,0 +1,102 @@
+--- !ruby/object:Gem::Specification
+name: asset_access_control
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Eric Allam
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-11-24 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.0'
+description: Set Access Control headers on asset requests in Rails 3.1
+email:
+- rubymaverick@gmail.com
+executables:
+- autospec
+- htmldiff
+- ldiff
+- rackup
+- rspec
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- CHANGELOG.md
+- Gemfile
+- README.md
+- Rakefile
+- asset_access_control.gemspec
+- bin/autospec
+- bin/htmldiff
+- bin/ldiff
+- bin/rackup
+- bin/rspec
+- lib/asset_access_control.rb
+- lib/asset_access_control/middleware.rb
+- lib/asset_access_control/railtie.rb
+- lib/asset_access_control/version.rb
+- spec/middleware_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/rubymaverick/asset_access_control
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: asset_access_control
+rubygems_version: 1.8.24
+signing_key: 
+specification_version: 3
+summary: Set Access Control headers on asset requests in Rails 3.1
+test_files:
+- spec/middleware_spec.rb
+- spec/spec_helper.rb