RubyGems - jets - Versions diffs - 1.6.8 → 1.6.9 - Mend

jets 1.6.8 → 1.6.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +3 -0
data/Gemfile.lock +1 -1
data/lib/jets/controller/middleware/cors.rb +4 -3
data/lib/jets/middleware/default_stack.rb +1 -1
data/lib/jets/resource/api_gateway/cors.rb +16 -20
data/lib/jets/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 58be2e98e5ac05eb8b721e2dd3561561ec887eda18bdf17baeb75b7f0e1b73bb
-  data.tar.gz: ec9bad41783087450f9fac8f62f5032cefeb6be701fb1f774ed1277adccdc7e4
+  metadata.gz: 0d5b38763f2bc3d91c65b0b75084f98bd8ee7902522fdf6cf70951876f9a4f24
+  data.tar.gz: d57bfc2a503614d78a8bcfba3418c966a93e72e93f5ee27e59ed5b058878fb1a
 SHA512:
-  metadata.gz: 874405e9a58ac61ed2688ef853b0bad7008cec7b1799581de581607ca2af4d7524ba6ede39c1805c906bb960375192b7736b177f673115a41fbe964b4ae3528f
-  data.tar.gz: 44b70405f81f129a3f4aeb928e7afb4d1702ab2d671d22344cbd87a8be183667468d345a3a536a45d2047a1721bbafc463adfe98b9001dee4fc57f7e61ce4f08
+  metadata.gz: b383844f584768ec4229921889bc33dc9314f49d873ab9338632930c675c770c5bc0c55ff3116a042a8d10a02d5950cf55797a9fb9d4f635cb5ab8a92b2b2df4
+  data.tar.gz: ff0a50321768af088978d13a9367285327c568314628c5e5317510e5bb09e89fe0d89f810535ceed44bf531f32cef3a0daf013dca94153f752ef6f35413af49f

data/CHANGELOG.md CHANGED

@@ -3,6 +3,9 @@
 All notable changes to this project will be documented in this file.
 This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
+## [1.6.9]
+- #184 improve default cors options request access-control-allow-methods
 ## [1.6.8]
 - #181 cors middleware
 - #182 more robust handler shim

data/Gemfile.lock CHANGED

@@ -11,7 +11,7 @@ GIT
 PATH
   remote: .
   specs:
-    jets (1.6.8)
+    jets (1.6.9)
       activerecord (~> 5.2.1)
       activesupport (~> 5.2.1)
       aws-sdk-apigateway

data/lib/jets/controller/middleware/cors.rb CHANGED

@@ -22,7 +22,6 @@ module Jets::Controller::Middleware
       [status, headers, body]
     end
-  private
     def cors_headers(preflight=false)
       headers = case Jets.config.cors
       when true
@@ -45,15 +44,17 @@ module Jets::Controller::Middleware
       headers
     end
+  private
     # Preflight OPTIONS request has extra headers.
     # This is only used locally. Remotely on AWS Lambda, OPTIONS requests are handled by an API Gateway Method.
     def preflight_headers
       # FYI: Jets as part of the rack processing normalizes the casing of these headers eventually.
       # IE: Access-Control-Allow-Methods
-      {
-        "access-control-allow-methods" => "OPTIONS,GET",
+      default = {
+        "access-control-allow-methods" => "DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT",
         "access-control-allow-headers" => "Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent",
       }
+      Jets.config.cors_preflight || default
     end
   end
 end

data/lib/jets/middleware/default_stack.rb CHANGED

@@ -8,8 +8,8 @@ module Jets::Middleware
     def build_stack
       Stack.new do |middleware|
-        middleware.use Jets::Controller::Middleware::Cors if cors_enabled?
         middleware.use Rack::Runtime
+        middleware.use Jets::Controller::Middleware::Cors if cors_enabled?
         middleware.use Rack::MethodOverride # must come before Middleware::Local for multipart post forms to work
         middleware.use Jets::Controller::Middleware::Local # mimics AWS Lambda for local server only
         middleware.use session_store, session_options # use session_store, session_options

data/lib/jets/resource/api_gateway/cors.rb CHANGED

@@ -14,12 +14,7 @@ module Jets::Resource::ApiGateway
             http_method: "OPTIONS",
             method_responses: [{
               status_code: '200',
-              response_parameters: {
-                "method.response.header.Access-Control-Allow-Origin": true,
-                "method.response.header.Access-Control-Allow-Headers": true,
-                "method.response.header.Access-Control-Allow-Methods": true,
-                "method.response.header.Access-Control-Allow-Credentials": true,
-              },
+              response_parameters: response_parameters(true),
               response_models: {},
             }],
             request_parameters: {},
@@ -30,12 +25,7 @@ module Jets::Resource::ApiGateway
               },
               integration_responses: [{
                 status_code: '200',
-                response_parameters: {
-                  "method.response.header.Access-Control-Allow-Origin": "'#{allow_origin}'",
-                  "method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent'",
-                  "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,GET'",
-                  "method.response.header.Access-Control-Allow-Credentials": "'false'",
-                },
+                response_parameters: response_parameters,
                 response_templates: {
                   "application/json": '',
                 },
@@ -46,6 +36,20 @@ module Jets::Resource::ApiGateway
       } # closes definition
     end
+    def response_parameters(method_response=false)
+      cors_headers.map do |k,v|
+        k = "method.response.header.#{k}"
+        v = method_response ? true : "'#{v}'" # surround value with single quotes
+        [k,v]
+      end.to_h
+    end
+    # Always the pre-flight headers in this case
+    def cors_headers
+      rack = Jets::Controller::Middleware::Cors.new(Jets.application)
+      rack.cors_headers(true)
+    end
     def cors_authorization_type
       Jets.config.api.cors_authorization_type || @route.authorization_type || "NONE"
     end
@@ -53,13 +57,5 @@ module Jets::Resource::ApiGateway
     def cors_logical_id
       "#{resource_logical_id}_cors_api_method"
     end
-    def allow_origin
-      if Jets.config.cors == true
-        '*'
-      elsif Jets.config.cors
-        Jets.config.cors
-      end
-    end
   end
 end

data/lib/jets/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Jets
-  VERSION = "1.6.8"
+  VERSION = "1.6.9"
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jets
 version: !ruby/object:Gem::Version
-  version: 1.6.8
+  version: 1.6.9
 platform: ruby
 authors:
 - Tung Nguyen
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-02-03 00:00:00.000000000 Z
+date: 2019-02-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord