cors 1.0.0

data/.gitignore

@@ -0,0 +1,2 @@
+.yardoc/
+doc/

data/.rspec

@@ -0,0 +1,4 @@
+--color
+-Ilib
+-Ispec
+--require spec_helper

data/Gemfile

@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+
+gemspec
+
+gem "rake"
+gem "yard"

data/Gemfile.lock

@@ -0,0 +1,24 @@
+GEM
+  remote: http://rubygems.org/
+  specs:
+    diff-lcs (1.1.3)
+    rake (0.9.2.2)
+    redcarpet (2.1.1)
+    rspec (2.11.0)
+      rspec-core (~> 2.11.0)
+      rspec-expectations (~> 2.11.0)
+      rspec-mocks (~> 2.11.0)
+    rspec-core (2.11.1)
+    rspec-expectations (2.11.3)
+      diff-lcs (~> 1.1.3)
+    rspec-mocks (2.11.3)
+    yard (0.8.2.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  rake
+  redcarpet
+  rspec
+  yard

data/README.md

@@ -0,0 +1,67 @@
+# CORS policy validation- and signing library 
+
+[![Build Status](https://secure.travis-ci.org/elabs/cors.png)](http://travis-ci.org/elabs/cors)
+
+Cross-origin resource sharing (CORS) is great; it allows your visitors to asynchronously upload files to
+e.g. Filepicker or Amazon S3, without the files having to round-trip through your web server. Unfortunately,
+giving your users complete write access to your online storage also exposes you to malicious intent.
+
+To combat harmful usage, good upload services that allow client-side upload, support a mechanism that allows
+you to validate and sign all upload requests to your online storage. By validating every request, you can
+give your visitors a nice upload experience, while keeping the bad visitors at bay.
+
+## Usage
+
+```ruby
+UploadManifest = CORS::Policy::S3.create do |policy|
+  policy.required "method", "PUT"
+  policy.optional "md5" do |value|
+    Base64.strict_decode64(value)
+  end
+  policy.required "content-type", %r|image/|
+  policy.required "x-amz-date" do |date|
+    "2012-10-22T16:10:47+02:00" == date
+  end
+  policy.required "filename", %r|uploads/|
+end
+
+manifest = UploadManifest.new(params)
+
+response = if manifest.valid?
+  { success: manifest.sign(access_key, secret_access_key) }
+else
+  { error: manifest.errors }
+end
+```
+
+## Supported services
+
+Out-of-the box, the CORS library comes with support for the Amazon S3 REST API. Support
+for Filepicker is planned.
+
+- [Amazon S3 REST API](http://docs.amazonwebservices.com/AmazonS4/latest/dev/RESTAuthentication.html)
+
+## License
+
+Copyright (c) 2012 Kim Burgestrand
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Rakefile

@@ -0,0 +1,33 @@
+begin
+  require "bundler/gem_tasks"
+rescue LoadError
+end
+
+begin
+  require 'yard'
+  YARD::Rake::YardocTask.new('yard:doc') do |task|
+    task.options = ['--no-stats']
+  end
+
+  desc "Run documentation statistics"
+  task 'yard:stats' do
+    YARD::CLI::Stats.run('--list-undoc')
+  end
+
+  desc "Generate documentation and run documentation statistics"
+  task :yard => ['yard:doc', 'yard:stats']
+rescue LoadError
+  puts "WARN: YARD not available. You may install documentation dependencies via bundler."
+end
+
+require "rspec/core/rake_task"
+RSpec::Core::RakeTask.new do |spec|
+  spec.ruby_opts = "-W"
+end
+
+desc "Launch a console with the library loaded"
+task :console do
+  exec "irb", "-Ilib", "-rcors"
+end
+
+task :default => :spec

data/cors.gemspec

@@ -0,0 +1,35 @@
+# -*- encoding: utf-8 -*-
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'cors/version'
+
+Gem::Specification.new do |gem|
+  gem.name          = "cors"
+  gem.version       = CORS::VERSION
+  gem.authors       = ["Kim Burgestrand"]
+  gem.email         = ["kim@burgestrand.se"]
+  gem.homepage      = "http://github.com/elabs/cors"
+  gem.summary       = "CORS policy validation- and signing library for Amazon S3 REST API."
+  gem.description   = <<-DESCRIPTION.gsub(/ +/, "")
+    Cross-origin resource sharing (CORS) is great; it allows your visitors to
+    asynchronously upload files to e.g. Filepicker or Amazon S3, without the
+    files having to round-trip through your web server. Unfortunately, giving
+    your users complete write access to your online storage also exposes you to
+    malicious intent.
+
+    To combat harmful usage, good upload services that allow client-side
+    upload, support a mechanism that allows you to validate and sign all upload
+    requests to your online storage. By validating every request, you can give
+    your visitors a nice upload experience, while keeping the bad visitors at
+    bay.
+
+    The CORS gem comes with support for the Amazon S3 REST API.
+  DESCRIPTION
+
+  gem.files         = `git ls-files`.split($/)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.require_paths = ["lib"]
+
+  gem.add_development_dependency "rspec", "~> 2.0"
+end

data/lib/cors.rb

@@ -0,0 +1,32 @@
+# encoding: utf-8
+require "cors/version"
+require "cors/rules"
+require "cors/policy"
+require "cors/policy/s3"
+
+# CORS policy validation and signature generation.
+#
+# @example usage for S3 REST API authorization header
+#   UploadManifest = CORS::Policy::S3.create do |policy|
+#     policy.required "method", "PUT"
+#     policy.optional "md5" do |value|
+#       Base64.strict_decode64(value)
+#     end
+#     policy.required "content-type", %r|image/|
+#     policy.required "x-amz-date" do |date|
+#       "2012-10-22T16:10:47+02:00" == date
+#     end
+#     policy.required "filename", %r|uploads/|
+#   end
+#
+#   manifest = UploadManifest.new(params)
+#
+#   response = if manifest.valid?
+#     { success: manifest.sign(access_key, secret_access_key) }
+#   else
+#     { error: manifest.errors }
+#   end
+#
+# @see CORS::Policy
+module CORS
+end

data/lib/cors/policy.rb

@@ -0,0 +1,109 @@
+module CORS
+  # Mixin for declaring CORS Policies.
+  #
+  # Classes who include this mixin should define both #manifest and #sign.
+  #
+  # @example
+  #   class S3
+  #     include CORS::Policy
+  #
+  #     def manifest
+  #       # create the manifest
+  #       [].tap do |manifest|
+  #         manifest << attributes["method"].upcase
+  #       end.join("\n")
+  #     end
+  #
+  #     def sign(access_key, secret_access_key)
+  #       # sign the manifest
+  #     end
+  #   end
+  #
+  #   policy = S3.create do |rules|
+  #     rules.required "method", %w[GET]
+  #   end
+  #
+  # @see CORS::Rules
+  module Policy
+    # Class methods added to includers of {CORS::Policy}.
+    #
+    # @see {CORS::Policy}
+    module ClassMethods
+      # @return [CORS::Rules]
+      attr_reader :rules
+
+      # Create an instance of this policy, declaring rules as well.
+      #
+      # @example
+      #   upload_policy = CORS::Policy::S3.create do |rules|
+      #     rules.required "method", %w[GET]
+      #   end
+      #
+      # @raise [ArgumentError] if no block is supplied
+      # @yield [rules] allows you to declare rules on the newly created policy
+      # @yieldparam [CORS::Rules] rules
+      def create(*, &block)
+        unless block_given?
+          raise ArgumentError, "manifest rules must be specified by a block, no block given"
+        end
+
+        Class.new(self) do
+          @rules = CORS::Rules.new(&block)
+        end
+      end
+    end
+
+    class << self
+      # Extends the target with {ClassMethods}
+      #
+      # @param [#extend] other
+      def included(other)
+        other.extend(ClassMethods)
+      end
+    end
+
+    # Initialize the policy with the given attributes and validate the attributes.
+    #
+    # @note attribute keys are converted to strings and downcased for validation
+    # @note validations are run instantly
+    #
+    # @param [Hash] attributes
+    # @see errors
+    # @see valid?
+    def initialize(attributes)
+      self.attributes = Hash[attributes.map { |k, v| [k.to_s.downcase, v] }]
+      self.errors = rules.validate(self.attributes)
+    end
+
+    # @return [Hash<String, Object>]
+    attr_accessor :attributes
+    protected :attributes=
+
+    # @return [Hash]
+    attr_accessor :errors
+    protected :errors=
+
+    # @raise [RuntimeError] raises if no rules have been defined
+    # @return [CORS::Rules] rules assigned to this policy
+    def rules
+      self.class.rules or raise "no rules defined for policy #{inspect}"
+    end
+
+    # @return [Boolean] true if no errors was encountered during validation in {#initialize}
+    def valid?
+      errors.empty?
+    end
+
+    # @note must be overridden by includers!
+    # @return [String] the compiled manifest
+    def manifest
+      raise NotImplementedError, "#manifest has not been defined on #{inspect}"
+    end
+
+    # @note must be overridden by includers!
+    # @return [String] signature derived from the manifest
+    def sign(*)
+      raise NotImplementedError, "#sign has not been defined on #{inspect}"
+    end
+  end
+end

data/lib/cors/policy/s3.rb

@@ -0,0 +1,47 @@
+require "openssl"
+require "base64"
+
+module CORS::Policy
+  # CORS policy for Amazon S3. See {CORS} module documenation for an example.
+  #
+  # @see CORS
+  class S3
+    include CORS::Policy
+
+    # Compile the S3 authorization manifest from the parameters.
+    #
+    # @see http://docs.amazonwebservices.com/AmazonS3/latest/dev/RESTAuthentication.html#ConstructingTheAuthenticationHeader
+    def manifest
+      [].tap do |manifest|
+        manifest << attributes["method"].upcase
+        manifest << attributes["md5"]
+        manifest << attributes["content-type"]
+        manifest << attributes["date"]
+        normalized_headers.each do |(header, *values)|
+          manifest << "#{header}:#{values.join(",")}"
+        end
+        manifest << attributes["filename"]
+      end.join("\n")
+    end
+
+    # Sign the {#manifest} with the AWS credentials.
+    #
+    # @param [String] access_key
+    # @param [String] secret_access_key
+    def sign(access_key, secret_access_key)
+      return if not valid?
+      digest = OpenSSL::HMAC.digest("sha1", secret_access_key, manifest)
+      signature = Base64.strict_encode64(digest)
+      "AWS #{access_key}:#{signature}"
+    end
+
+    protected
+
+    # @return [Array] list of aws-specific headers properly sorted
+    def normalized_headers
+      attributes.select  { |property, _| property =~ /x-amz-/ }
+                .map     { |(header, values)| [header.downcase, values] }
+                .sort_by { |(header, _)| header }
+    end
+  end
+end

data/lib/cors/rules.rb

@@ -0,0 +1,121 @@
+module CORS
+  # Internal class for handling rule definitions and validation.
+  #
+  # @private
+  class Rules
+    include Enumerable
+
+    # @example
+    #   Rules.new do |rules|
+    #     rules.required …
+    #     rules.optional …
+    #   end
+    #
+    # @yield [self]
+    # @yieldparam [Rules] self
+    def initialize
+      @rules = []
+      yield self if block_given?
+    end
+
+    # Yields each rule in order, or returns an Enumerator
+    # if no block was given.
+    #
+    # @example
+    #   rules.each do |rule|
+    #     …
+    #   end
+    #
+    # @example without block
+    #   rules.each.with_index do |rule, index|
+    #     …
+    #   end
+    #
+    # @return [Hash<:name, :matcher, :required>, Enumerator]
+    def each
+      if block_given?
+        @rules.each { |rule| yield rule }
+      else
+        @rules.enum_for(__method__)
+      end
+    end
+
+    # Declare a required rule; the value must be present, and it must
+    # match the given constraints or block matcher.
+    #
+    # @example with a regexp
+    #   @required "content-type", %r|image/jpe?g|
+    #
+    # @example with a string
+    #   required "content-type", "image/jpeg"
+    #
+    # @example with an array
+    #   required "content-type", ["image/jpeg", "image/jpg"]
+    #
+    # @example with a block
+    #   required "content-type" do |value|
+    #     value =~ %r|image/jpe?g|
+    #   end
+    #
+    # @param name can be any valid hash key of the parameters to be validated
+    # @param [Regexp, String, Array] constraints
+    # @yield [value]
+    # @yieldparam value of the key `name` in the parameters to be validated
+    # @return [Hash] the newly created rule
+    def required(name, constraints = nil, &block)
+      matcher = if block_given? then block
+      elsif constraints.is_a?(Regexp)
+        constraints.method(:===)
+      elsif constraints.is_a?(String)
+        constraints.method(:===)
+      elsif constraints.is_a?(Array)
+        constraints.method(:include?)
+      else
+        raise ArgumentError, "unknown matcher #{(constraints || block).inspect}"
+      end
+
+      { name: name, matcher: matcher, required: true }.tap do |rule|
+        @rules << rule
+      end
+    end
+
+    # Same as {#required}, but the rule won’t run if the key is not present.
+    #
+    # @param (see required)
+    # @return (see required)
+    # @see required
+    def optional(*args, &block)
+      required(*args, &block).tap { |rule| rule[:required] = false }
+    end
+
+    # Validate a set of attributes against the defined rules.
+    #
+    # @example
+    #   errors = rules.validate(params)
+    #   if errors.empty?
+    #     # valid
+    #   else
+    #     # not valid, errors is a hash of { name => [ reason, rule ] }
+    #   end
+    #
+    # @see required
+    # @param [#has_key?, #[]] attributes
+    # @return [Hash<name: [reason, rule]>] list of errors, empty if attributes are valid
+    def validate(attributes)
+      each_with_object({}) do |rule, failures|
+        fail = lambda do |reason|
+          failures[rule[:name]] = [reason, rule]
+        end
+
+        unless attributes.has_key?(rule[:name])
+          fail[:required] if rule[:required]
+          next
+        end
+
+        unless rule[:matcher].call(attributes[rule[:name]])
+          fail[:match]
+        end
+      end
+    end
+  end
+end

data/lib/cors/version.rb

@@ -0,0 +1,4 @@
+module CORS
+  # @see http://semver.org/
+  VERSION = "1.0.0"
+end

data/spec/cors_spec.rb

@@ -0,0 +1,60 @@
+describe CORS::Policy do
+  let(:policy) do
+    Class.new { include CORS::Policy }
+  end
+
+  let(:valid_attributes) do
+    {
+      "anything" => "Yay!"
+    }
+  end
+
+  let(:manifest) do
+    policy.create do |rules|
+      rules.required "anything", //
+    end
+  end
+
+  describe ".initialize" do
+    it "requires a block" do
+      expect { CORS::Policy::S3.create }.to raise_error(ArgumentError, /no block given/)
+    end
+  end
+
+  describe "#initialize" do
+    it "requires attributes" do
+      expect { manifest.new }.to raise_error(ArgumentError, /wrong number of arguments/)
+    end
+
+    it "normalizes the attribute keys" do
+      manifest.new(cOOl: :Yo).attributes.should eq({ "cool" => :Yo })
+    end
+
+    it "populates the hash of errors" do
+      manifest.new({}).errors.should_not be_empty
+    end
+  end
+
+  describe "#rules" do
+    it "raises an error if no rules have been defined" do
+      expect { policy.new({}) }.to raise_error(/no rules defined/)
+    end
+
+    it "returns the raw rules" do
+      manifest.rules.should be_a CORS::Rules
+    end
+  end
+
+  describe "#valid?" do
+    it "returns true if validation succeeds" do
+      manifest.new(valid_attributes).tap do |manifest|
+        manifest.should be_valid
+        manifest.errors.should eq({})
+      end
+    end
+
+    it "returns false if validation fails" do
+      manifest.new({}).should_not be_valid
+    end
+  end
+end

data/spec/policies/s3_spec.rb

@@ -0,0 +1,59 @@
+describe CORS::Policy::S3 do
+  let(:valid_attributes) do
+    {
+      "method" => "PUT",
+      "md5"    => "CCummMp6o4ZgypU7ePh7QA==",
+      "content-type" => "image/jpeg",
+      "x-amz-meta-filename" => "roflcopter.gif",
+      "x-amz-date" => "2012-10-22T16:10:47+02:00",
+      "x-amz-meta-ROFLCOPTER" => ["yes", "no", "maybe"],
+      "x-not-amz-header" => "I am ignored",
+      "filename" => "uploads/roflcopter.gif"
+    }
+  end
+
+  let(:rules) do
+    lambda do |manifest|
+      manifest.required "method", "PUT"
+      manifest.optional "md5" do |value|
+        Base64.strict_decode64(value)
+      end
+      manifest.required "content-type", %r|image/|
+      manifest.required "x-amz-date" do |date|
+        "2012-10-22T16:10:47+02:00" == date
+      end
+      manifest.required "filename", %r|uploads/|
+    end
+  end
+
+  let(:manifest) { CORS::Policy::S3.create(&rules) }
+
+  describe "#manifest" do
+    it "is built according to specifications" do
+      manifest = CORS::Policy::S3.create(&rules).new(valid_attributes)
+      manifest.manifest.should eq <<-MANIFEST.gsub(/^ +/, "").rstrip
+        PUT
+        CCummMp6o4ZgypU7ePh7QA==
+        image/jpeg
+
+        x-amz-date:2012-10-22T16:10:47+02:00
+        x-amz-meta-filename:roflcopter.gif
+        x-amz-meta-roflcopter:yes,no,maybe
+        uploads/roflcopter.gif
+      MANIFEST
+    end
+  end
+
+  describe "#sign" do
+    it "signs the manifest if it is valid" do
+      manifest = CORS::Policy::S3.create(&rules).new(valid_attributes)
+      manifest.sign("LAWL", "HELLO").should eq "AWS LAWL:WZGsk2VzLz85B6oU19a5+fvzxXM="
+    end
+
+    it "does not sign if the manifest is invalid" do
+      manifest = CORS::Policy::S3.create(&rules).new(valid_attributes)
+      manifest.should_receive(:valid?).and_return(false)
+      manifest.sign("LAWL", "HELLO").should be_nil
+    end
+  end
+end

data/spec/rules_spec.rb

@@ -0,0 +1,89 @@
+describe CORS::Rules do
+  describe "#each" do
+    let(:list) { [] }
+    let(:rules) do
+      CORS::Rules.new do |r|
+        list << r.required("yay", //)
+        list << r.optional("boo", //)
+      end
+    end
+
+    it "is enumerable" do
+      rules.each_with_object([]) { |rule, result| result << rule }.should eq(list)
+    end
+
+    it "returns an enumerator without a block" do
+      rules.each.with_object([]) { |rule, result| result << rule }.should eq(list)
+    end
+  end
+
+  describe "#required" do
+    it "does not accept arbitrary constraints" do
+      expect { CORS::Rules.new { |r| r.required "method", false } }.to raise_error(ArgumentError, /unknown matcher/)
+    end
+
+    it "results in an error when the value is missing" do
+      rules  = CORS::Rules.new { |r| r.required "method", // }
+      errors = rules.validate({})
+
+      errors.should eq({ "method" => [:required, rules.first] })
+    end
+
+    it "results in an error when the value does not match" do
+      rules = CORS::Rules.new { |r| r.required "content-type", %r|image/jpe?g| }
+      errors = rules.validate({ "content-type" => "image/png" })
+
+      errors.should eq({ "content-type" => [:match, rules.first] })
+    end
+
+    it "can match a regexp" do
+      rules = CORS::Rules.new { |r| r.required "content-type", %r|image/jpe?g| }
+
+      rules.validate({ "content-type" => "image/jpeg" }).should be_empty
+      rules.validate({ "content-type" => "image/jpg" }).should be_empty
+      rules.validate({ "content-type" => "image/png" }).should_not be_empty
+    end
+
+    it "can match a literal string" do
+      rules = CORS::Rules.new { |r| r.required "content-type", "image/jpeg" }
+
+      rules.validate({ "content-type" => "image/jpeg" }).should be_empty
+      rules.validate({ "content-type" => "image/jpg" }).should_not be_empty
+    end
+
+    it "can match an array" do
+      rules = CORS::Rules.new { |r| r.required "content-type", ["image/jpeg", "image/png"] }
+
+      rules.validate({ "content-type" => "image/jpeg" }).should be_empty
+      rules.validate({ "content-type" => "image/png" }).should be_empty
+      rules.validate({ "content-type" => "image/jpg" }).should_not be_empty
+    end
+
+    it "can match a block" do
+      rules = CORS::Rules.new do |r|
+        r.required "content-type" do |type|
+          "image/jpeg" == type
+        end
+      end
+
+      rules.validate({ "content-type" => "image/jpeg" }).should be_empty
+      rules.validate({ "content-type" => "image/png" }).should_not be_empty
+    end
+  end
+
+  describe "#optional" do
+    it "results in no error when the value is missing" do
+      rules = CORS::Rules.new { |r| r.optional "method", // }
+      errors = rules.validate({})
+
+      errors.should be_empty
+    end
+
+    it "results in an error when the value is present but does not match" do
+      rules = CORS::Rules.new { |r| r.optional "content-type", %r|image/jpe?g| }
+      errors = rules.validate({ "content-type" => "image/png" })
+
+      errors.should eq({ "content-type" => [:match, rules.first] })
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1 @@
+require "cors"

metadata

@@ -0,0 +1,105 @@
+--- !ruby/object:Gem::Specification
+name: cors
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+  prerelease: 
+platform: ruby
+authors:
+- Kim Burgestrand
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-10-30 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.0'
+description: ! 'Cross-originresourcesharing(CORS)isgreat;itallowsyourvisitorsto
+
+  asynchronouslyuploadfilestoe.g.FilepickerorAmazonS3,withoutthe
+
+  fileshavingtoround-tripthroughyourwebserver.Unfortunately,giving
+
+  youruserscompletewriteaccesstoyouronlinestoragealsoexposesyouto
+
+  maliciousintent.
+
+
+  Tocombatharmfulusage,gooduploadservicesthatallowclient-side
+
+  upload,supportamechanismthatallowsyoutovalidateandsignallupload
+
+  requeststoyouronlinestorage.Byvalidatingeveryrequest,youcangive
+
+  yourvisitorsaniceuploadexperience,whilekeepingthebadvisitorsat
+
+  bay.
+
+
+  TheCORSgemcomeswithsupportfortheAmazonS3RESTAPI.
+
+'
+email:
+- kim@burgestrand.se
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- Gemfile
+- Gemfile.lock
+- README.md
+- Rakefile
+- cors.gemspec
+- lib/cors.rb
+- lib/cors/policy.rb
+- lib/cors/policy/s3.rb
+- lib/cors/rules.rb
+- lib/cors/version.rb
+- spec/cors_spec.rb
+- spec/policies/s3_spec.rb
+- spec/rules_spec.rb
+- spec/spec_helper.rb
+homepage: http://github.com/elabs/cors
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.24
+signing_key: 
+specification_version: 3
+summary: CORS policy validation- and signing library for Amazon S3 REST API.
+test_files:
+- spec/cors_spec.rb
+- spec/policies/s3_spec.rb
+- spec/rules_spec.rb
+- spec/spec_helper.rb