rack-cors 0.4.1 → 2.0.1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of rack-cors might be problematic. Click here for more details.
- checksums.yaml +5 -5
- data/.github/workflows/ci.yaml +39 -0
- data/.rubocop.yml +31 -0
- data/CHANGELOG.md +99 -0
- data/Gemfile +3 -1
- data/README.md +68 -43
- data/Rakefile +5 -4
- data/lib/rack/cors/resource.rb +142 -0
- data/lib/rack/cors/resources/cors_misconfiguration_error.rb +14 -0
- data/lib/rack/cors/resources.rb +62 -0
- data/lib/rack/cors/result.rb +63 -0
- data/lib/rack/cors/version.rb +3 -1
- data/lib/rack/cors.rb +124 -323
- data/rack-cors.gemspec +20 -16
- data/test/.rubocop.yml +8 -0
- data/test/cors/test.cors.coffee +9 -2
- data/test/cors/test.cors.js +22 -10
- data/test/unit/cors_test.rb +303 -120
- data/test/unit/dsl_test.rb +38 -26
- data/test/unit/insecure.ru +10 -0
- data/test/unit/non_http.ru +2 -0
- data/test/unit/test.ru +34 -18
- metadata +82 -27
- data/.travis.yml +0 -6
- data/CHANGELOG +0 -34
data/test/cors/test.cors.coffee
CHANGED
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
CORS_SERVER = '
|
|
1
|
+
CORS_SERVER = '127.0.0.1.xip.io:3000'
|
|
2
|
+
|
|
3
|
+
mocha.setup({ignoreLeaks: true});
|
|
2
4
|
|
|
3
5
|
describe 'CORS', ->
|
|
4
6
|
|
|
@@ -12,6 +14,11 @@ describe 'CORS', ->
|
|
|
12
14
|
expect(data).to.eql('Hello world')
|
|
13
15
|
done()
|
|
14
16
|
|
|
17
|
+
it 'should allow PATCH access to dynamic resource', (done) ->
|
|
18
|
+
$.ajax("http://#{CORS_SERVER}/", type: 'PATCH').done (data, textStatus, jqXHR) ->
|
|
19
|
+
expect(data).to.eql('Hello world')
|
|
20
|
+
done()
|
|
21
|
+
|
|
15
22
|
it 'should allow HEAD access to dynamic resource', (done) ->
|
|
16
23
|
$.ajax("http://#{CORS_SERVER}/", type: 'HEAD').done (data, textStatus, jqXHR) ->
|
|
17
24
|
expect(jqXHR.status).to.eql(200)
|
|
@@ -29,7 +36,7 @@ describe 'CORS', ->
|
|
|
29
36
|
|
|
30
37
|
it 'should allow access to static resource', (done) ->
|
|
31
38
|
$.get "http://#{CORS_SERVER}/static.txt", (data, status, xhr) ->
|
|
32
|
-
expect($.trim(data)).to.eql("
|
|
39
|
+
expect($.trim(data)).to.eql("Hello world")
|
|
33
40
|
done()
|
|
34
41
|
|
|
35
42
|
it 'should allow post resource', (done) ->
|
data/test/cors/test.cors.js
CHANGED
|
@@ -1,26 +1,38 @@
|
|
|
1
|
-
// Generated by CoffeeScript
|
|
1
|
+
// Generated by CoffeeScript 2.3.1
|
|
2
2
|
(function() {
|
|
3
3
|
var CORS_SERVER;
|
|
4
4
|
|
|
5
|
-
CORS_SERVER = '
|
|
5
|
+
CORS_SERVER = '127.0.0.1.xip.io:3000';
|
|
6
|
+
|
|
7
|
+
mocha.setup({
|
|
8
|
+
ignoreLeaks: true
|
|
9
|
+
});
|
|
6
10
|
|
|
7
11
|
describe('CORS', function() {
|
|
8
12
|
it('should allow access to dynamic resource', function(done) {
|
|
9
|
-
return $.get(
|
|
13
|
+
return $.get(`http://${CORS_SERVER}/`, function(data, status, xhr) {
|
|
10
14
|
expect(data).to.eql('Hello world');
|
|
11
15
|
return done();
|
|
12
16
|
});
|
|
13
17
|
});
|
|
14
18
|
it('should allow PUT access to dynamic resource', function(done) {
|
|
15
|
-
return $.ajax(
|
|
19
|
+
return $.ajax(`http://${CORS_SERVER}/`, {
|
|
16
20
|
type: 'PUT'
|
|
17
21
|
}).done(function(data, textStatus, jqXHR) {
|
|
18
22
|
expect(data).to.eql('Hello world');
|
|
19
23
|
return done();
|
|
20
24
|
});
|
|
21
25
|
});
|
|
26
|
+
it('should allow PATCH access to dynamic resource', function(done) {
|
|
27
|
+
return $.ajax(`http://${CORS_SERVER}/`, {
|
|
28
|
+
type: 'PATCH'
|
|
29
|
+
}).done(function(data, textStatus, jqXHR) {
|
|
30
|
+
expect(data).to.eql('Hello world');
|
|
31
|
+
return done();
|
|
32
|
+
});
|
|
33
|
+
});
|
|
22
34
|
it('should allow HEAD access to dynamic resource', function(done) {
|
|
23
|
-
return $.ajax(
|
|
35
|
+
return $.ajax(`http://${CORS_SERVER}/`, {
|
|
24
36
|
type: 'HEAD'
|
|
25
37
|
}).done(function(data, textStatus, jqXHR) {
|
|
26
38
|
expect(jqXHR.status).to.eql(200);
|
|
@@ -28,7 +40,7 @@
|
|
|
28
40
|
});
|
|
29
41
|
});
|
|
30
42
|
it('should allow DELETE access to dynamic resource', function(done) {
|
|
31
|
-
return $.ajax(
|
|
43
|
+
return $.ajax(`http://${CORS_SERVER}/`, {
|
|
32
44
|
type: 'DELETE'
|
|
33
45
|
}).done(function(data, textStatus, jqXHR) {
|
|
34
46
|
expect(data).to.eql('Hello world');
|
|
@@ -36,7 +48,7 @@
|
|
|
36
48
|
});
|
|
37
49
|
});
|
|
38
50
|
it('should allow OPTIONS access to dynamic resource', function(done) {
|
|
39
|
-
return $.ajax(
|
|
51
|
+
return $.ajax(`http://${CORS_SERVER}/`, {
|
|
40
52
|
type: 'OPTIONS'
|
|
41
53
|
}).done(function(data, textStatus, jqXHR) {
|
|
42
54
|
expect(jqXHR.status).to.eql(200);
|
|
@@ -44,15 +56,15 @@
|
|
|
44
56
|
});
|
|
45
57
|
});
|
|
46
58
|
it('should allow access to static resource', function(done) {
|
|
47
|
-
return $.get(
|
|
48
|
-
expect($.trim(data)).to.eql("
|
|
59
|
+
return $.get(`http://${CORS_SERVER}/static.txt`, function(data, status, xhr) {
|
|
60
|
+
expect($.trim(data)).to.eql("Hello world");
|
|
49
61
|
return done();
|
|
50
62
|
});
|
|
51
63
|
});
|
|
52
64
|
return it('should allow post resource', function(done) {
|
|
53
65
|
return $.ajax({
|
|
54
66
|
type: 'POST',
|
|
55
|
-
url:
|
|
67
|
+
url: `http://${CORS_SERVER}/cors`,
|
|
56
68
|
beforeSend: function(xhr) {
|
|
57
69
|
return xhr.setRequestHeader('X-Requested-With', 'XMLHTTPRequest');
|
|
58
70
|
},
|