rack-cors 0.4.1 → 2.0.1

data/test/unit/dsl_test.rb

@@ -1,58 +1,70 @@
+# frozen_string_literal: true
+
 require 'rubygems'
 require 'minitest/autorun'
 require 'rack/cors'
 
-
 describe Rack::Cors, 'DSL' do
   it 'should support explicit config object dsl mode' do
-    cors = Rack::Cors.new(Proc.new {}) do |cfg|
+    cors = Rack::Cors.new(proc {}) do |cfg|
       cfg.allow do |allow|
-        allow.origins 'localhost:3000', '127.0.0.1:3000' do |source,env|
-          source == "http://10.10.10.10:3000" &&
-          env["USER_AGENT"] == "test-agent"
+        allow.origins 'localhost:3000', '127.0.0.1:3000' do |source, env|
+          source == 'http://10.10.10.10:3000' &&
+            env['USER_AGENT'] == 'test-agent'
         end
-        allow.resource '/get-only', :methods => :get
-        allow.resource '/', :headers => :any
+        allow.resource '/get-only', methods: :get
+        allow.resource '/', headers: :any
       end
     end
     resources = cors.send :all_resources
 
-    resources.length.must_equal 1
-    resources.first.allow_origin?('http://localhost:3000').must_equal true
-    resources.first.allow_origin?('http://10.10.10.10:3000',{"USER_AGENT" => "test-agent" }).must_equal true
-    resources.first.allow_origin?('http://10.10.10.10:3001',{"USER_AGENT" => "test-agent" }).wont_equal true
-    resources.first.allow_origin?('http://10.10.10.10:3000',{"USER_AGENT" => "other-agent"}).wont_equal true
+    _(resources.length).must_equal 1
+    _(resources.first.allow_origin?('http://localhost:3000')).must_equal true
+    _(resources.first.allow_origin?('http://10.10.10.10:3000', { 'USER_AGENT' => 'test-agent' })).must_equal true
+    _(resources.first.allow_origin?('http://10.10.10.10:3001', { 'USER_AGENT' => 'test-agent' })).wont_equal true
+    _(resources.first.allow_origin?('http://10.10.10.10:3000', { 'USER_AGENT' => 'other-agent' })).wont_equal true
   end
 
   it 'should support implicit config object dsl mode' do
-    cors = Rack::Cors.new(Proc.new {}) do
+    cors = Rack::Cors.new(proc {}) do
       allow do
-        origins 'localhost:3000', '127.0.0.1:3000' do |source,env|
-          source == "http://10.10.10.10:3000" &&
-          env["USER_AGENT"] == "test-agent"
+        origins 'localhost:3000', '127.0.0.1:3000' do |source, env|
+          source == 'http://10.10.10.10:3000' &&
+            env['USER_AGENT'] == 'test-agent'
         end
-        resource '/get-only', :methods => :get
-        resource '/', :headers => :any
+        resource '/get-only', methods: :get
+        resource '/', headers: :any
       end
     end
     resources = cors.send :all_resources
 
-    resources.length.must_equal 1
-    resources.first.allow_origin?('http://localhost:3000').must_equal true
-    resources.first.allow_origin?('http://10.10.10.10:3000',{"USER_AGENT" => "test-agent" }).must_equal true
-    resources.first.allow_origin?('http://10.10.10.10:3001',{"USER_AGENT" => "test-agent" }).wont_equal true
-    resources.first.allow_origin?('http://10.10.10.10:3000',{"USER_AGENT" => "other-agent"}).wont_equal true
+    _(resources.length).must_equal 1
+    _(resources.first.allow_origin?('http://localhost:3000')).must_equal true
+    _(resources.first.allow_origin?('http://10.10.10.10:3000', { 'USER_AGENT' => 'test-agent' })).must_equal true
+    _(resources.first.allow_origin?('http://10.10.10.10:3001', { 'USER_AGENT' => 'test-agent' })).wont_equal true
+    _(resources.first.allow_origin?('http://10.10.10.10:3000', { 'USER_AGENT' => 'other-agent' })).wont_equal true
   end
 
   it 'should support "file://" origin' do
-    cors = Rack::Cors.new(Proc.new {}) do
+    cors = Rack::Cors.new(proc {}) do
       allow do
         origins 'file://'
-        resource '/', :headers => :any
+        resource '/', headers: :any
       end
     end
     resources = cors.send :all_resources
 
-    resources.first.allow_origin?('file://').must_equal true
+    _(resources.first.allow_origin?('file://')).must_equal true
+  end
+
+  it 'should default credentials option to false' do
+    cors = Rack::Cors.new(proc {}) do
+      allow do
+        origins 'example.net'
+        resource '/', headers: :any
+      end
+    end
+    resources = cors.send :all_resources
+    _(resources.first.resources.first.credentials).must_equal false
   end
 end

data/test/unit/insecure.ru

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+require 'rack/cors'
+
+use Rack::Cors do
+  allow do
+    origins '*'
+    resource '/public', credentials: true
+  end
+end

data/test/unit/non_http.ru

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'rack/cors'
 
 use Rack::Cors do

data/test/unit/test.ru

@@ -1,24 +1,29 @@
+# frozen_string_literal: true
+
 require 'rack/cors'
 
-#use Rack::Cors, :debug => true, :logger => ::Logger.new(STDOUT) do
+# use Rack::Cors, :debug => true, :logger => ::Logger.new(STDOUT) do
 use Rack::Lint
 use Rack::Cors do
   allow do
     origins 'localhost:3000',
             '127.0.0.1:3000',
-            /http:\/\/192\.168\.0\.\d{1,3}(:\d+)?/,
+            %r{http://192\.168\.0\.\d{1,3}(:\d+)?},
             'file://',
-            /http:\/\/(.*?)\.example\.com/
-
-    resource '/get-only', :methods => :get
-    resource '/', :headers => :any, :methods => :any
-    resource '/options', :methods => :options
-    resource '/single_header', :headers => 'x-domain-token'
-    resource '/two_headers', :headers => %w{x-domain-token x-requested-with}
-    resource '/expose_single_header', :expose => 'expose-test'
-    resource '/expose_multiple_headers', :expose => %w{expose-test-1 expose-test-2}
-    resource '/conditional', :methods => :get, :if => proc { |env| !!env['HTTP_X_OK'] }
-    resource '/vary_test', :methods => :get, :vary => %w{ Origin Host }
+            %r{http://(.*?)\.example\.com},
+            'custom-protocol://abcdefg'
+
+    resource '/get-only', methods: :get
+    resource '/', headers: :any, methods: :any
+    resource '/options', methods: :options
+    resource '/single_header', headers: 'x-domain-token'
+    resource '/two_headers', headers: %w[x-domain-token x-requested-with]
+    resource '/expose_single_header', expose: 'expose-test'
+    resource '/expose_multiple_headers', expose: %w[expose-test-1 expose-test-2]
+    resource '/conditional', methods: :get, if: proc { |env| !!env['HTTP_X_OK'] }
+    resource '/vary_test', methods: :get, vary: %w[Origin Host]
+    resource '/patch_test', methods: :patch
+    resource '/wildcard/*', methods: :any
     # resource '/file/at/*',
     #     :methods => [:get, :post, :put, :delete],
     #     :headers => :any,
@@ -26,25 +31,36 @@ use Rack::Cors do
   end
 
   allow do
-    origins do |source,env|
-      source.end_with?("10.10.10.10:3000")
+    origins do |source, _env|
+      source.end_with?('10.10.10.10:3000')
     end
     resource '/proc-origin'
   end
 
+  allow do
+    origins ->(source, _env) { source.end_with?('10.10.10.10:3000') }
+    resource '/lambda-origin'
+  end
+
   allow do
     origins '*'
     resource '/public'
-    resource '/public_without_credentials', :credentials => false
+    resource '/public/*'
+    resource '/public_without_credentials', credentials: false
   end
 
   allow do
     origins 'mucho-grande.com'
-    resource '/multi-allow-config', :max_age => 600
+    resource '/multi-allow-config', max_age: 600
   end
 
   allow do
     origins '*'
-    resource '/multi-allow-config', :max_age => 300, :credentials => false
+    resource '/multi-allow-config', max_age: 300, credentials: false
+  end
+
+  allow do
+    origins ''
+    resource '/blank-origin'
   end
 end

metadata

@@ -1,87 +1,134 @@
 --- !ruby/object:Gem::Specification
 name: rack-cors
 version: !ruby/object:Gem::Version
-  version: 0.4.1
+  version: 2.0.1
 platform: ruby
 authors:
 - Calvin Yu
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-02-01 00:00:00.000000000 Z
+date: 2023-03-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: bundler
+  name: rack
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.3'
-  type: :development
+        version: 2.0.0
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: 2.0.0
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.16.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.16.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 5.3.0
+        version: 5.11.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 5.3.0
+        version: 5.11.0
 - !ruby/object:Gem::Dependency
   name: mocha
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.14.0
+        version: 1.6.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.6.0
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.14.0
+        version: '0.12'
 - !ruby/object:Gem::Dependency
   name: rack-test
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.1.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
-description: 'Middleware that will make Rack-based apps CORS compatible.  Read more
-  here: http://blog.sourcebender.com/2010/06/09/introducin-rack-cors.html.  Fork the
+        version: 1.1.0
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 12.3.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 12.3.0
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.80.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.80.1
+description: 'Middleware that will make Rack-based apps CORS compatible. Fork the
   project here: https://github.com/cyu/rack-cors'
 email:
 - me@sourcebender.com
@@ -89,15 +136,21 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".travis.yml"
-- CHANGELOG
+- ".github/workflows/ci.yaml"
+- ".rubocop.yml"
+- CHANGELOG.md
 - Gemfile
 - LICENSE.txt
 - README.md
 - Rakefile
 - lib/rack/cors.rb
+- lib/rack/cors/resource.rb
+- lib/rack/cors/resources.rb
+- lib/rack/cors/resources/cors_misconfiguration_error.rb
+- lib/rack/cors/result.rb
 - lib/rack/cors/version.rb
 - rack-cors.gemspec
+- test/.rubocop.yml
 - test/cors/expect.js
 - test/cors/mocha.css
 - test/cors/mocha.js
@@ -106,6 +159,7 @@ files:
 - test/cors/test.cors.js
 - test/unit/cors_test.rb
 - test/unit/dsl_test.rb
+- test/unit/insecure.ru
 - test/unit/non_http.ru
 - test/unit/test.ru
 homepage: https://github.com/cyu/rack-cors
@@ -127,12 +181,12 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.5.2
+rubygems_version: 3.3.26
 signing_key: 
 specification_version: 4
 summary: Middleware for enabling Cross-Origin Resource Sharing in Rack apps
 test_files:
+- test/.rubocop.yml
 - test/cors/expect.js
 - test/cors/mocha.css
 - test/cors/mocha.js
@@ -141,5 +195,6 @@ test_files:
 - test/cors/test.cors.js
 - test/unit/cors_test.rb
 - test/unit/dsl_test.rb
+- test/unit/insecure.ru
 - test/unit/non_http.ru
 - test/unit/test.ru

data/.travis.yml

@@ -1,6 +0,0 @@
-language: ruby
-sudo: false
-rvm:
-  - 2.2.5
-  - 2.3.0
-  - 2.3.1

data/CHANGELOG

@@ -1,34 +0,0 @@
-# Change Log
-All notable changes to this project will be documented in this file.
-
-## 0.4.1 - 2017-02-01
-### Fixed
-- Return miss result in X-Rack-CORS instead of incorrectly returning preflight-hit
-
-## 0.4.0 - 2015-04-15
-### Changed
-- Don't set HTTP_ORIGIN with HTTP_X_ORIGIN if nil
-### Added
-- Calculate vary headers for non-CORS resources
-- Support custom vary headers for resource
-- Support :if option for resource
-- Support :any as a possible value for :methods option
-### Fixed
-- Don't symbolize incoming HTTP request methods
-
-## 0.3.1 - 2014-12-27
-### Changed
-- Changed the env key to rack.cors to avoid Rack::Lint warnings
-
-## 0.3.0 - 2014-10-19
-### Added
-- Added support for defining a logger with a Proc
-- Return a X-Rack-CORS header when in debug mode detailing how
-Rack::Cors processed a request
-- Added support for non HTTP/HTTPS origins when just a domain is
-is specified
-
-### Changed
-- Changed the log level of the fallback logger to DEBUG
-- Print warning when attempting to use :any as an allowed method
-- Treat incoming `Origin: null` headers as file://