jets 1.6.8 → 1.6.9

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 58be2e98e5ac05eb8b721e2dd3561561ec887eda18bdf17baeb75b7f0e1b73bb
4
- data.tar.gz: ec9bad41783087450f9fac8f62f5032cefeb6be701fb1f774ed1277adccdc7e4
3
+ metadata.gz: 0d5b38763f2bc3d91c65b0b75084f98bd8ee7902522fdf6cf70951876f9a4f24
4
+ data.tar.gz: d57bfc2a503614d78a8bcfba3418c966a93e72e93f5ee27e59ed5b058878fb1a
5
5
  SHA512:
6
- metadata.gz: 874405e9a58ac61ed2688ef853b0bad7008cec7b1799581de581607ca2af4d7524ba6ede39c1805c906bb960375192b7736b177f673115a41fbe964b4ae3528f
7
- data.tar.gz: 44b70405f81f129a3f4aeb928e7afb4d1702ab2d671d22344cbd87a8be183667468d345a3a536a45d2047a1721bbafc463adfe98b9001dee4fc57f7e61ce4f08
6
+ metadata.gz: b383844f584768ec4229921889bc33dc9314f49d873ab9338632930c675c770c5bc0c55ff3116a042a8d10a02d5950cf55797a9fb9d4f635cb5ab8a92b2b2df4
7
+ data.tar.gz: ff0a50321768af088978d13a9367285327c568314628c5e5317510e5bb09e89fe0d89f810535ceed44bf531f32cef3a0daf013dca94153f752ef6f35413af49f
@@ -3,6 +3,9 @@
3
3
  All notable changes to this project will be documented in this file.
4
4
  This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
5
5
 
6
+ ## [1.6.9]
7
+ - #184 improve default cors options request access-control-allow-methods
8
+
6
9
  ## [1.6.8]
7
10
  - #181 cors middleware
8
11
  - #182 more robust handler shim
@@ -11,7 +11,7 @@ GIT
11
11
  PATH
12
12
  remote: .
13
13
  specs:
14
- jets (1.6.8)
14
+ jets (1.6.9)
15
15
  activerecord (~> 5.2.1)
16
16
  activesupport (~> 5.2.1)
17
17
  aws-sdk-apigateway
@@ -22,7 +22,6 @@ module Jets::Controller::Middleware
22
22
  [status, headers, body]
23
23
  end
24
24
 
25
- private
26
25
  def cors_headers(preflight=false)
27
26
  headers = case Jets.config.cors
28
27
  when true
@@ -45,15 +44,17 @@ module Jets::Controller::Middleware
45
44
  headers
46
45
  end
47
46
 
47
+ private
48
48
  # Preflight OPTIONS request has extra headers.
49
49
  # This is only used locally. Remotely on AWS Lambda, OPTIONS requests are handled by an API Gateway Method.
50
50
  def preflight_headers
51
51
  # FYI: Jets as part of the rack processing normalizes the casing of these headers eventually.
52
52
  # IE: Access-Control-Allow-Methods
53
- {
54
- "access-control-allow-methods" => "OPTIONS,GET",
53
+ default = {
54
+ "access-control-allow-methods" => "DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT",
55
55
  "access-control-allow-headers" => "Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent",
56
56
  }
57
+ Jets.config.cors_preflight || default
57
58
  end
58
59
  end
59
60
  end
@@ -8,8 +8,8 @@ module Jets::Middleware
8
8
 
9
9
  def build_stack
10
10
  Stack.new do |middleware|
11
- middleware.use Jets::Controller::Middleware::Cors if cors_enabled?
12
11
  middleware.use Rack::Runtime
12
+ middleware.use Jets::Controller::Middleware::Cors if cors_enabled?
13
13
  middleware.use Rack::MethodOverride # must come before Middleware::Local for multipart post forms to work
14
14
  middleware.use Jets::Controller::Middleware::Local # mimics AWS Lambda for local server only
15
15
  middleware.use session_store, session_options # use session_store, session_options
@@ -14,12 +14,7 @@ module Jets::Resource::ApiGateway
14
14
  http_method: "OPTIONS",
15
15
  method_responses: [{
16
16
  status_code: '200',
17
- response_parameters: {
18
- "method.response.header.Access-Control-Allow-Origin": true,
19
- "method.response.header.Access-Control-Allow-Headers": true,
20
- "method.response.header.Access-Control-Allow-Methods": true,
21
- "method.response.header.Access-Control-Allow-Credentials": true,
22
- },
17
+ response_parameters: response_parameters(true),
23
18
  response_models: {},
24
19
  }],
25
20
  request_parameters: {},
@@ -30,12 +25,7 @@ module Jets::Resource::ApiGateway
30
25
  },
31
26
  integration_responses: [{
32
27
  status_code: '200',
33
- response_parameters: {
34
- "method.response.header.Access-Control-Allow-Origin": "'#{allow_origin}'",
35
- "method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent'",
36
- "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,GET'",
37
- "method.response.header.Access-Control-Allow-Credentials": "'false'",
38
- },
28
+ response_parameters: response_parameters,
39
29
  response_templates: {
40
30
  "application/json": '',
41
31
  },
@@ -46,6 +36,20 @@ module Jets::Resource::ApiGateway
46
36
  } # closes definition
47
37
  end
48
38
 
39
+ def response_parameters(method_response=false)
40
+ cors_headers.map do |k,v|
41
+ k = "method.response.header.#{k}"
42
+ v = method_response ? true : "'#{v}'" # surround value with single quotes
43
+ [k,v]
44
+ end.to_h
45
+ end
46
+
47
+ # Always the pre-flight headers in this case
48
+ def cors_headers
49
+ rack = Jets::Controller::Middleware::Cors.new(Jets.application)
50
+ rack.cors_headers(true)
51
+ end
52
+
49
53
  def cors_authorization_type
50
54
  Jets.config.api.cors_authorization_type || @route.authorization_type || "NONE"
51
55
  end
@@ -53,13 +57,5 @@ module Jets::Resource::ApiGateway
53
57
  def cors_logical_id
54
58
  "#{resource_logical_id}_cors_api_method"
55
59
  end
56
-
57
- def allow_origin
58
- if Jets.config.cors == true
59
- '*'
60
- elsif Jets.config.cors
61
- Jets.config.cors
62
- end
63
- end
64
60
  end
65
61
  end
@@ -1,3 +1,3 @@
1
1
  module Jets
2
- VERSION = "1.6.8"
2
+ VERSION = "1.6.9"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: jets
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.6.8
4
+ version: 1.6.9
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tung Nguyen
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2019-02-03 00:00:00.000000000 Z
11
+ date: 2019-02-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activerecord