rack-cors 0.2.6 → 0.2.7

data/VERSION

@@ -1 +1 @@
-0.2.6
+0.2.7

data/lib/rack/cors.rb

@@ -49,7 +49,13 @@ module Rack
         end
       end
       status, headers, body = @app.call env
-      headers = headers.merge(cors_headers) if cors_headers
+      if cors_headers
+        headers = headers.merge(cors_headers)
+        unless headers['Access-Control-Allow-Origin'] == '*'
+          vary = headers['Vary']
+          headers['Vary'] = ((vary ? vary.split(/,\s*/) : []) + ['Origin']).uniq.join(', ')
+        end
+      end
       [status, headers, body]
     end
 

data/rack-cors.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = "rack-cors"
-  s.version = "0.2.6"
+  s.version = "0.2.7"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Calvin Yu"]
-  s.date = "2012-04-26"
+  s.date = "2012-06-07"
   s.description = "Middleware that will make Rack-based apps CORS compatible.  Read more here: http://blog.sourcebender.com/2010/06/09/introducin-rack-cors.html.  Fork the project here: http://github.com/cyu/rack-cors"
   s.email = "me@sourcebender.com"
   s.extra_rdoc_files = [
@@ -31,7 +31,7 @@ Gem::Specification.new do |s|
   s.homepage = "http://github.com/cyu/rack-cors"
   s.licenses = ["MIT"]
   s.require_paths = ["lib"]
-  s.rubygems_version = "1.8.23"
+  s.rubygems_version = "1.8.24"
   s.summary = "Middleware for enabling Cross-Origin Resource Sharing in Rack apps"
 
   if s.respond_to? :specification_version then

data/test/unit/cors_test.rb

@@ -43,6 +43,20 @@ class CorsTest < Test::Unit::TestCase
     assert_equal 'expose-test-1, expose-test-2', last_response.headers['Access-Control-Expose-Headers']
   end
 
+  should 'add Vary header if Access-Control-Allow-Origin header was added and if it is specific' do
+    cors_request '/', :origin => "http://192.168.0.3:8080"
+    assert_cors_success
+    assert_equal 'http://192.168.0.3:8080', last_response.headers['Access-Control-Allow-Origin']
+    assert_not_nil last_response.headers['Vary'], 'missing Vary header'
+  end
+
+  should 'not add Vary header if Access-Control-Allow-Origin header was added and if it is generic (*)' do
+    cors_request '/public_without_credentials', :origin => "http://192.168.1.3:8080"
+    assert_cors_success
+    assert_equal '*', last_response.headers['Access-Control-Allow-Origin']
+    assert_nil last_response.headers['Vary'], 'no expecting Vary header'
+  end
+
   context 'preflight requests' do
     should 'fail if origin is invalid' do
       preflight_request('http://allyourdataarebelongtous.com', '/')

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rack-cors
 version: !ruby/object:Gem::Version
-  version: 0.2.6
+  version: 0.2.7
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-04-26 00:00:00.000000000 Z
+date: 2012-06-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -142,7 +142,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 3665249374424350309
+      hash: -4990705370164666
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -151,7 +151,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.23
+rubygems_version: 1.8.24
 signing_key: 
 specification_version: 3
 summary: Middleware for enabling Cross-Origin Resource Sharing in Rack apps