jets 1.6.8 → 1.6.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 58be2e98e5ac05eb8b721e2dd3561561ec887eda18bdf17baeb75b7f0e1b73bb
-  data.tar.gz: ec9bad41783087450f9fac8f62f5032cefeb6be701fb1f774ed1277adccdc7e4
+  metadata.gz: 0d5b38763f2bc3d91c65b0b75084f98bd8ee7902522fdf6cf70951876f9a4f24
+  data.tar.gz: d57bfc2a503614d78a8bcfba3418c966a93e72e93f5ee27e59ed5b058878fb1a
 SHA512:
-  metadata.gz: 874405e9a58ac61ed2688ef853b0bad7008cec7b1799581de581607ca2af4d7524ba6ede39c1805c906bb960375192b7736b177f673115a41fbe964b4ae3528f
-  data.tar.gz: 44b70405f81f129a3f4aeb928e7afb4d1702ab2d671d22344cbd87a8be183667468d345a3a536a45d2047a1721bbafc463adfe98b9001dee4fc57f7e61ce4f08
+  metadata.gz: b383844f584768ec4229921889bc33dc9314f49d873ab9338632930c675c770c5bc0c55ff3116a042a8d10a02d5950cf55797a9fb9d4f635cb5ab8a92b2b2df4
+  data.tar.gz: ff0a50321768af088978d13a9367285327c568314628c5e5317510e5bb09e89fe0d89f810535ceed44bf531f32cef3a0daf013dca94153f752ef6f35413af49f

data/CHANGELOG.md

@@ -3,6 +3,9 @@
 All notable changes to this project will be documented in this file.
 This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
 
+## [1.6.9]
+- #184 improve default cors options request access-control-allow-methods
+
 ## [1.6.8]
 - #181 cors middleware
 - #182 more robust handler shim

data/Gemfile.lock

@@ -11,7 +11,7 @@ GIT
 PATH
   remote: .
   specs:
-    jets (1.6.8)
+    jets (1.6.9)
       activerecord (~> 5.2.1)
       activesupport (~> 5.2.1)
       aws-sdk-apigateway

data/lib/jets/controller/middleware/cors.rb

@@ -22,7 +22,6 @@ module Jets::Controller::Middleware
       [status, headers, body]
     end
 
-  private
     def cors_headers(preflight=false)
       headers = case Jets.config.cors
       when true
@@ -45,15 +44,17 @@ module Jets::Controller::Middleware
       headers
     end
 
+  private
     # Preflight OPTIONS request has extra headers.
     # This is only used locally. Remotely on AWS Lambda, OPTIONS requests are handled by an API Gateway Method.
     def preflight_headers
       # FYI: Jets as part of the rack processing normalizes the casing of these headers eventually.
       # IE: Access-Control-Allow-Methods
-      {
-        "access-control-allow-methods" => "OPTIONS,GET",
+      default = {
+        "access-control-allow-methods" => "DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT",
         "access-control-allow-headers" => "Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent",
       }
+      Jets.config.cors_preflight || default
     end
   end
 end

data/lib/jets/middleware/default_stack.rb

@@ -8,8 +8,8 @@ module Jets::Middleware
 
     def build_stack
       Stack.new do |middleware|
-        middleware.use Jets::Controller::Middleware::Cors if cors_enabled?
         middleware.use Rack::Runtime
+        middleware.use Jets::Controller::Middleware::Cors if cors_enabled?
         middleware.use Rack::MethodOverride # must come before Middleware::Local for multipart post forms to work
         middleware.use Jets::Controller::Middleware::Local # mimics AWS Lambda for local server only
         middleware.use session_store, session_options # use session_store, session_options

data/lib/jets/resource/api_gateway/cors.rb

@@ -14,12 +14,7 @@ module Jets::Resource::ApiGateway
             http_method: "OPTIONS",
             method_responses: [{
               status_code: '200',
-              response_parameters: {
-                "method.response.header.Access-Control-Allow-Origin": true,
-                "method.response.header.Access-Control-Allow-Headers": true,
-                "method.response.header.Access-Control-Allow-Methods": true,
-                "method.response.header.Access-Control-Allow-Credentials": true,
-              },
+              response_parameters: response_parameters(true),
               response_models: {},
             }],
             request_parameters: {},
@@ -30,12 +25,7 @@ module Jets::Resource::ApiGateway
               },
               integration_responses: [{
                 status_code: '200',
-                response_parameters: {
-                  "method.response.header.Access-Control-Allow-Origin": "'#{allow_origin}'",
-                  "method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent'",
-                  "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,GET'",
-                  "method.response.header.Access-Control-Allow-Credentials": "'false'",
-                },
+                response_parameters: response_parameters,
                 response_templates: {
                   "application/json": '',
                 },
@@ -46,6 +36,20 @@ module Jets::Resource::ApiGateway
       } # closes definition
     end
 
+    def response_parameters(method_response=false)
+      cors_headers.map do |k,v|
+        k = "method.response.header.#{k}"
+        v = method_response ? true : "'#{v}'" # surround value with single quotes
+        [k,v]
+      end.to_h
+    end
+
+    # Always the pre-flight headers in this case
+    def cors_headers
+      rack = Jets::Controller::Middleware::Cors.new(Jets.application)
+      rack.cors_headers(true)
+    end
+
     def cors_authorization_type
       Jets.config.api.cors_authorization_type || @route.authorization_type || "NONE"
     end
@@ -53,13 +57,5 @@ module Jets::Resource::ApiGateway
     def cors_logical_id
       "#{resource_logical_id}_cors_api_method"
     end
-
-    def allow_origin
-      if Jets.config.cors == true
-        '*'
-      elsif Jets.config.cors
-        Jets.config.cors
-      end
-    end
   end
 end

data/lib/jets/version.rb

@@ -1,3 +1,3 @@
 module Jets
-  VERSION = "1.6.8"
+  VERSION = "1.6.9"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jets
 version: !ruby/object:Gem::Version
-  version: 1.6.8
+  version: 1.6.9
 platform: ruby
 authors:
 - Tung Nguyen
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-02-03 00:00:00.000000000 Z
+date: 2019-02-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord