openstax_api 5.5.0 → 5.5.1
- checksums.yaml +4 -4
- data/app/controllers/openstax/api/v1/api_controller.rb +10 -9
- data/lib/openstax/api/routing_mapper_includes.rb +6 -9
- data/lib/openstax/api/version.rb +1 -1
- data/spec/controllers/openstax/api/v1/api_controller_spec.rb +5 -2
- data/spec/dummy/db/test.sqlite3 +0 -0
- data/spec/dummy/log/test.log +1148 -0
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 2d8f7e030eb103725527b3e6b056169ce47e0cd2
|
4
|
+
data.tar.gz: d1f3cc36a20300fb330d94578e67d032afdf3a8b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 98f85a898b830672a936c98876cfa54838a4efca1f7421d6080da4cc2c728c5154ca6418dfc5c74f4eb6c30b5e40cf7819875f8dea89216e8b391b27a3cb854e
|
7
|
+
data.tar.gz: f2e0db018b2bb2e77e3304bfc0d3864e477e2c72b959bf32edd1b7da1a790b734e1becd0e407dbdd258fbf4761290dbefde080bdc276abcddbc883548e85c22c
|
@@ -22,8 +22,9 @@ module OpenStax
|
|
22
22
|
|
23
23
|
# Except for users logged in via a cookie, we can disable CSRF protection and enable CORS
|
24
24
|
skip_before_filter :verify_authenticity_token, unless: :session_user?
|
25
|
-
|
26
|
-
|
25
|
+
skip_before_filter :verify_authenticity_token, only: :options
|
26
|
+
before_filter :set_cors_preflight_headers, only: :options
|
27
|
+
after_filter :set_cors_headers
|
27
28
|
|
28
29
|
# Keep old current_user method so we can use it
|
29
30
|
alias_method :current_session_user, OpenStax::Api.configuration.current_user_method
|
@@ -44,6 +45,10 @@ module OpenStax
|
|
44
45
|
current_api_user.human_user
|
45
46
|
end
|
46
47
|
|
48
|
+
def options
|
49
|
+
head :ok
|
50
|
+
end
|
51
|
+
|
47
52
|
protected
|
48
53
|
|
49
54
|
def session_user?
|
@@ -68,13 +73,9 @@ module OpenStax
|
|
68
73
|
end
|
69
74
|
|
70
75
|
def set_cors_preflight_headers
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
headers['Access-Control-Max-Age'] = '1728000'
|
75
|
-
|
76
|
-
render :text => '', :content_type => 'text/plain'
|
77
|
-
end
|
76
|
+
headers['Access-Control-Allow-Origin'] = '*'
|
77
|
+
headers['Access-Control-Allow-Methods'] = 'GET, HEAD, POST, PUT, PATCH, DELETE, OPTIONS'
|
78
|
+
headers['Access-Control-Max-Age'] = '86400'
|
78
79
|
end
|
79
80
|
|
80
81
|
def set_cors_headers
|
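Review bot: The comment on new line 23 ("Except for users logged in via a cookie, we can disable CSRF protection and enable CORS") no longer describes the filters below it: `after_filter :set_cors_headers` on new line 27 is unconditional, and the updated spec expects `Access-Control-Allow-Origin: *` for session users as well. I would reword it to `# CSRF verification stays on for cookie (session) users; CORS headers are sent on every response`, so the next reader sees that `verify_authenticity_token` is the control protecting cookie sessions. Separately, `set_cors_preflight_headers` (new lines 76-78) sets no `Access-Control-Allow-Headers`; unless `set_cors_headers`, whose body lies outside these hunks, adds it, a browser preflight for a request carrying an `Authorization` header would presumably be refused. The file header for this section is missing from the page, so the path is inferred from the diffstat.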
@@ -7,18 +7,16 @@ module OpenStax
|
|
7
7
|
api_namespace = (options.delete(:namespace) || 'api').to_s
|
8
8
|
routing_error_app = options.delete(:routing_error_app) || \
|
9
9
|
OpenStax::Api.configuration.routing_error_app
|
10
|
-
constraints = Constraints.new(version: version,
|
11
|
-
default: options.delete(:default))
|
10
|
+
constraints = Constraints.new(version: version, default: options.delete(:default))
|
12
11
|
|
13
12
|
namespace api_namespace, defaults: {format: 'json'}.merge(options) do
|
14
|
-
scope(except: [:new, :edit],
|
15
|
-
|
16
|
-
constraints: constraints) do
|
17
|
-
get '/', to: '/apipie/apipies#index', defaults: {format: 'html', version: version.to_s}
|
13
|
+
scope(except: [:new, :edit], module: version, constraints: constraints) do
|
14
|
+
root to: '/apipie/apipies#index', defaults: {format: 'html', version: version.to_s}
|
18
15
|
|
19
16
|
yield
|
20
17
|
|
21
|
-
match '/*
|
18
|
+
match '/*options', via: [:options], to: '/openstax/api/v1/api#options'
|
19
|
+
match '/*other', via: [:all], to: routing_error_app
|
22
20
|
end
|
23
21
|
end
|
24
22
|
end
|
@@ -26,5 +24,4 @@ module OpenStax
|
|
26
24
|
end
|
27
25
|
end
|
28
26
|
|
29
|
-
ActionDispatch::Routing::Mapper.send :include,
|
30
|
-
OpenStax::Api::RoutingMapperIncludes
|
27
|
+
ActionDispatch::Routing::Mapper.send :include, OpenStax::Api::RoutingMapperIncludes
|
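Review bot: The order of the two glob routes on new lines 18-19 is load-bearing but undocumented: `match '/*other', via: [:all]` also matches OPTIONS, so moving it above the `'/*options'` route would send every preflight to `routing_error_app`. A one-line comment such as `# Keep above the catch-all: '/*other' matches OPTIONS too` would protect it. The preflight target is also fixed to `'/openstax/api/v1/api#options'` while the rest of the scope is parameterised by `version`, and it answers with the permissive CORS headers for any path under the namespace whether or not a real route exists; if that is intended it deserves a comment as well. The glob segment shares its name with the method's `options` hash a few lines up, so `'/*path'` would read more clearly. The enclosing method starts outside the hunk.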
data/lib/openstax/api/version.rb
CHANGED
@@ -116,6 +116,7 @@ module OpenStax
|
|
116
116
|
it 'sets the CORS headers for anonymous users' do
|
117
117
|
get 'dummy'
|
118
118
|
expect(response.headers['Access-Control-Allow-Origin']).to eq '*'
|
119
|
+
expect(response.headers['Access-Control-Allow-Credentials']).to be_nil
|
119
120
|
end
|
120
121
|
|
121
122
|
it 'sets the CORS headers for token users' do
|
@@ -123,12 +124,14 @@ module OpenStax
|
|
123
124
|
@request.headers['Authorization'] = "Bearer #{token}"
|
124
125
|
get 'dummy'
|
125
126
|
expect(response.headers['Access-Control-Allow-Origin']).to eq '*'
|
127
|
+
expect(response.headers['Access-Control-Allow-Credentials']).to be_nil
|
126
128
|
end
|
127
129
|
|
128
|
-
it '
|
130
|
+
it 'sets the CORS headers for session users (the browser should block the request due to no Access-Control-Allow-Credentials header)' do
|
129
131
|
@controller.present_user = user
|
130
132
|
get 'dummy'
|
131
|
-
expect(response.headers['Access-Control-Allow-Origin']).to
|
133
|
+
expect(response.headers['Access-Control-Allow-Origin']).to eq '*'
|
134
|
+
expect(response.headers['Access-Control-Allow-Credentials']).to be_nil
|
132
135
|
end
|
133
136
|
end
|
134
137
|
|
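Review bot: The new description on line 130 says the browser will block "the request", but a missing `Access-Control-Allow-Credentials` header only stops the calling page from reading the response; a simple cross-origin request with the cookie attached still reaches the controller. What protects session users is `verify_authenticity_token`, so the examples would be stronger with one asserting that CSRF verification is not skipped when `present_user` is set, and the description could read `'sets the CORS headers for session users (the browser will not expose the response without Access-Control-Allow-Credentials)'`. None of the visible examples exercises the new `options` action or its `Access-Control-Allow-Methods` and `Access-Control-Max-Age` headers. These hunks are printed under the version.rb header but appear to belong to the controller spec, and the enclosing `describe` block starts outside them.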
data/spec/dummy/db/test.sqlite3
CHANGED
Binary file
|