rack-cors 1.0.0 → 2.0.1
Potentially problematic release.
This version of rack-cors might be problematic. Click here for more details.
- checksums.yaml +5 -5
- data/.github/workflows/ci.yaml +39 -0
- data/.rubocop.yml +31 -0
- data/{CHANGELOG → CHANGELOG.md} +47 -0
- data/Gemfile +3 -1
- data/README.md +68 -43
- data/Rakefile +5 -4
- data/lib/rack/cors/resource.rb +142 -0
- data/lib/rack/cors/resources/cors_misconfiguration_error.rb +14 -0
- data/lib/rack/cors/resources.rb +62 -0
- data/lib/rack/cors/result.rb +63 -0
- data/lib/rack/cors/version.rb +3 -1
- data/lib/rack/cors.rb +110 -336
- data/rack-cors.gemspec +20 -16
- data/test/.rubocop.yml +8 -0
- data/test/cors/test.cors.coffee +9 -2
- data/test/cors/test.cors.js +22 -10
- data/test/unit/cors_test.rb +251 -136
- data/test/unit/dsl_test.rb +30 -29
- data/test/unit/insecure.ru +2 -0
- data/test/unit/non_http.ru +2 -0
- data/test/unit/test.ru +29 -18
- metadata +80 -27
- data/.travis.yml +0 -6
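--- a/data/test/unit/dsl_test.rb
+++ b/data/test/unit/dsl_test.rb
@@ -1,69 +1,70 @@
+# frozen_string_literal: true
+
 require 'rubygems'
 require 'minitest/autorun'
 require 'rack/cors'
 
-
 describe Rack::Cors, 'DSL' do
 it 'should support explicit config object dsl mode' do
-cors = Rack::Cors.new(
+cors = Rack::Cors.new(proc {}) do |cfg|
 cfg.allow do |allow|
-allow.origins 'localhost:3000', '127.0.0.1:3000' do |source,env|
-source ==
-
+allow.origins 'localhost:3000', '127.0.0.1:3000' do |source, env|
+source == 'http://10.10.10.10:3000' &&
+env['USER_AGENT'] == 'test-agent'
 end
-allow.resource '/get-only', :
-allow.resource '/', :
+allow.resource '/get-only', methods: :get
+allow.resource '/', headers: :any
 end
 end
 resources = cors.send :all_resources
 
-resources.length.must_equal 1
-resources.first.allow_origin?('http://localhost:3000').must_equal true
-resources.first.allow_origin?('http://10.10.10.10:3000',{
-resources.first.allow_origin?('http://10.10.10.10:3001',{
-resources.first.allow_origin?('http://10.10.10.10:3000',{
+_(resources.length).must_equal 1
+_(resources.first.allow_origin?('http://localhost:3000')).must_equal true
+_(resources.first.allow_origin?('http://10.10.10.10:3000', { 'USER_AGENT' => 'test-agent' })).must_equal true
+_(resources.first.allow_origin?('http://10.10.10.10:3001', { 'USER_AGENT' => 'test-agent' })).wont_equal true
+_(resources.first.allow_origin?('http://10.10.10.10:3000', { 'USER_AGENT' => 'other-agent' })).wont_equal true
 end
 
 it 'should support implicit config object dsl mode' do
-cors = Rack::Cors.new(
+cors = Rack::Cors.new(proc {}) do
 allow do
-origins 'localhost:3000', '127.0.0.1:3000' do |source,env|
-source ==
-
+origins 'localhost:3000', '127.0.0.1:3000' do |source, env|
+source == 'http://10.10.10.10:3000' &&
+env['USER_AGENT'] == 'test-agent'
 end
-resource '/get-only', :
-resource '/', :
+resource '/get-only', methods: :get
+resource '/', headers: :any
 end
 end
 resources = cors.send :all_resources
 
-resources.length.must_equal 1
-resources.first.allow_origin?('http://localhost:3000').must_equal true
-resources.first.allow_origin?('http://10.10.10.10:3000',{
-resources.first.allow_origin?('http://10.10.10.10:3001',{
-resources.first.allow_origin?('http://10.10.10.10:3000',{
+_(resources.length).must_equal 1
+_(resources.first.allow_origin?('http://localhost:3000')).must_equal true
+_(resources.first.allow_origin?('http://10.10.10.10:3000', { 'USER_AGENT' => 'test-agent' })).must_equal true
+_(resources.first.allow_origin?('http://10.10.10.10:3001', { 'USER_AGENT' => 'test-agent' })).wont_equal true
+_(resources.first.allow_origin?('http://10.10.10.10:3000', { 'USER_AGENT' => 'other-agent' })).wont_equal true
 end
 
 it 'should support "file://" origin' do
-cors = Rack::Cors.new(
+cors = Rack::Cors.new(proc {}) do
 allow do
 origins 'file://'
-resource '/', :
+resource '/', headers: :any
 end
 end
 resources = cors.send :all_resources
 
-resources.first.allow_origin?('file://').must_equal true
+_(resources.first.allow_origin?('file://')).must_equal true
 end
 
 it 'should default credentials option to false' do
-cors = Rack::Cors.new(
+cors = Rack::Cors.new(proc {}) do
 allow do
 origins 'example.net'
-resource '/', :
+resource '/', headers: :any
 end
 end
 resources = cors.send :all_resources
-resources.first.resources.first.credentials.must_equal false
+_(resources.first.resources.first.credentials).must_equal false
 end
 end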
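Review bot: The denial assertions on new lines 24–25 (and 44–45 in the implicit-mode test) only vary the port and the user agent of the block-matched origin, so nothing here pins that the string origins `'localhost:3000'` and `'127.0.0.1:3000'` reject a host that merely begins with an allowed one. I would add a case such as `_(resources.first.allow_origin?('http://localhost:3000.invalid')).wont_equal true` (constructed sample host) to both tests. Separately, `wont_equal true` also passes for `nil` or any other non-`true` value; if `allow_origin?` is meant to return a strict boolean, `must_equal false` would state the contract more tightly. A short comment that `'USER_AGENT'` is a test-only key would also help, since a real Rack env carries that header as `HTTP_USER_AGENT`.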
data/test/unit/insecure.ru
CHANGED
data/test/unit/non_http.ru
CHANGED
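--- a/data/test/unit/test.ru
+++ b/data/test/unit/test.ru
@@ -1,24 +1,29 @@
+# frozen_string_literal: true
+
 require 'rack/cors'
 
-#use Rack::Cors, :debug => true, :logger => ::Logger.new(STDOUT) do
+# use Rack::Cors, :debug => true, :logger => ::Logger.new(STDOUT) do
 use Rack::Lint
 use Rack::Cors do
 allow do
 origins 'localhost:3000',
 '127.0.0.1:3000',
-
+%r{http://192\.168\.0\.\d{1,3}(:\d+)?},
 'file://',
-
-
-
-resource '/', :
-resource '/
-resource '/
-resource '/
-resource '/
-resource '/
-resource '/
-resource '/
+%r{http://(.*?)\.example\.com},
+'custom-protocol://abcdefg'
+
+resource '/get-only', methods: :get
+resource '/', headers: :any, methods: :any
+resource '/options', methods: :options
+resource '/single_header', headers: 'x-domain-token'
+resource '/two_headers', headers: %w[x-domain-token x-requested-with]
+resource '/expose_single_header', expose: 'expose-test'
+resource '/expose_multiple_headers', expose: %w[expose-test-1 expose-test-2]
+resource '/conditional', methods: :get, if: proc { |env| !!env['HTTP_X_OK'] }
+resource '/vary_test', methods: :get, vary: %w[Origin Host]
+resource '/patch_test', methods: :patch
+resource '/wildcard/*', methods: :any
 # resource '/file/at/*',
 # :methods => [:get, :post, :put, :delete],
 # :headers => :any,
@@ -26,26 +31,32 @@ use Rack::Cors do
 end
 
 allow do
-origins do |source,
-source.end_with?(
+origins do |source, _env|
+source.end_with?('10.10.10.10:3000')
 end
 resource '/proc-origin'
 end
 
+allow do
+origins ->(source, _env) { source.end_with?('10.10.10.10:3000') }
+resource '/lambda-origin'
+end
+
 allow do
 origins '*'
 resource '/public'
-resource '/
+resource '/public/*'
+resource '/public_without_credentials', credentials: false
 end
 
 allow do
 origins 'mucho-grande.com'
-resource '/multi-allow-config', :
+resource '/multi-allow-config', max_age: 600
 end
 
 allow do
 origins '*'
-resource '/multi-allow-config', :
+resource '/multi-allow-config', max_age: 300, credentials: false
 end
 
 allow do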
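Review bot: The two regex origins on new lines 11 and 13 carry no `\A`/`\z` anchors, so if rack-cors applies a Regexp origin with a plain match (the matching code in lib/rack/cors/resources.rb is not shown on this page), an origin such as `http://foo.example.com.attacker.test` (constructed sample) would satisfy `%r{http://(.*?)\.example\.com}`. Because rackup fixtures tend to be copied into real configurations, I would write them as `%r{\Ahttp://192\.168\.0\.\d{1,3}(:\d+)?\z}` and `%r{\Ahttp://(.*?)\.example\.com\z}`. The same looseness applies to `source.end_with?('10.10.10.10:3000')` on new lines 35 and 41, which also accepts `http://110.10.10.10:3000`; comparing against the full origin string would pin it. The enclosing `use Rack::Cors do` block continues past the end of the second hunk.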
metadata
CHANGED
@@ -1,87 +1,134 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rack-cors
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 2.0.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Calvin Yu
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2023-03-17 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
|
-
name:
|
14
|
+
name: rack
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
16
16
|
requirements:
|
17
|
-
- - "
|
17
|
+
- - ">="
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version:
|
20
|
-
type: :
|
19
|
+
version: 2.0.0
|
20
|
+
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
|
-
- - "
|
24
|
+
- - ">="
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version:
|
26
|
+
version: 2.0.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
|
-
name:
|
28
|
+
name: bundler
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
30
30
|
requirements:
|
31
31
|
- - ">="
|
32
32
|
- !ruby/object:Gem::Version
|
33
|
-
version:
|
33
|
+
version: 1.16.0
|
34
|
+
- - "<"
|
35
|
+
- !ruby/object:Gem::Version
|
36
|
+
version: '3'
|
34
37
|
type: :development
|
35
38
|
prerelease: false
|
36
39
|
version_requirements: !ruby/object:Gem::Requirement
|
37
40
|
requirements:
|
38
41
|
- - ">="
|
39
42
|
- !ruby/object:Gem::Version
|
40
|
-
version:
|
43
|
+
version: 1.16.0
|
44
|
+
- - "<"
|
45
|
+
- !ruby/object:Gem::Version
|
46
|
+
version: '3'
|
41
47
|
- !ruby/object:Gem::Dependency
|
42
48
|
name: minitest
|
43
49
|
requirement: !ruby/object:Gem::Requirement
|
44
50
|
requirements:
|
45
|
-
- - "
|
51
|
+
- - "~>"
|
46
52
|
- !ruby/object:Gem::Version
|
47
|
-
version: 5.
|
53
|
+
version: 5.11.0
|
48
54
|
type: :development
|
49
55
|
prerelease: false
|
50
56
|
version_requirements: !ruby/object:Gem::Requirement
|
51
57
|
requirements:
|
52
|
-
- - "
|
58
|
+
- - "~>"
|
53
59
|
- !ruby/object:Gem::Version
|
54
|
-
version: 5.
|
60
|
+
version: 5.11.0
|
55
61
|
- !ruby/object:Gem::Dependency
|
56
62
|
name: mocha
|
57
63
|
requirement: !ruby/object:Gem::Requirement
|
58
64
|
requirements:
|
59
|
-
- - "
|
65
|
+
- - "~>"
|
60
66
|
- !ruby/object:Gem::Version
|
61
|
-
version:
|
67
|
+
version: 1.6.0
|
62
68
|
type: :development
|
63
69
|
prerelease: false
|
64
70
|
version_requirements: !ruby/object:Gem::Requirement
|
65
71
|
requirements:
|
66
|
-
- - "
|
72
|
+
- - "~>"
|
73
|
+
- !ruby/object:Gem::Version
|
74
|
+
version: 1.6.0
|
75
|
+
- !ruby/object:Gem::Dependency
|
76
|
+
name: pry
|
77
|
+
requirement: !ruby/object:Gem::Requirement
|
78
|
+
requirements:
|
79
|
+
- - "~>"
|
80
|
+
- !ruby/object:Gem::Version
|
81
|
+
version: '0.12'
|
82
|
+
type: :development
|
83
|
+
prerelease: false
|
84
|
+
version_requirements: !ruby/object:Gem::Requirement
|
85
|
+
requirements:
|
86
|
+
- - "~>"
|
67
87
|
- !ruby/object:Gem::Version
|
68
|
-
version: 0.
|
88
|
+
version: '0.12'
|
69
89
|
- !ruby/object:Gem::Dependency
|
70
90
|
name: rack-test
|
71
91
|
requirement: !ruby/object:Gem::Requirement
|
72
92
|
requirements:
|
73
93
|
- - ">="
|
74
94
|
- !ruby/object:Gem::Version
|
75
|
-
version:
|
95
|
+
version: 1.1.0
|
76
96
|
type: :development
|
77
97
|
prerelease: false
|
78
98
|
version_requirements: !ruby/object:Gem::Requirement
|
79
99
|
requirements:
|
80
100
|
- - ">="
|
81
101
|
- !ruby/object:Gem::Version
|
82
|
-
version:
|
83
|
-
|
84
|
-
|
102
|
+
version: 1.1.0
|
103
|
+
- !ruby/object:Gem::Dependency
|
104
|
+
name: rake
|
105
|
+
requirement: !ruby/object:Gem::Requirement
|
106
|
+
requirements:
|
107
|
+
- - "~>"
|
108
|
+
- !ruby/object:Gem::Version
|
109
|
+
version: 12.3.0
|
110
|
+
type: :development
|
111
|
+
prerelease: false
|
112
|
+
version_requirements: !ruby/object:Gem::Requirement
|
113
|
+
requirements:
|
114
|
+
- - "~>"
|
115
|
+
- !ruby/object:Gem::Version
|
116
|
+
version: 12.3.0
|
117
|
+
- !ruby/object:Gem::Dependency
|
118
|
+
name: rubocop
|
119
|
+
requirement: !ruby/object:Gem::Requirement
|
120
|
+
requirements:
|
121
|
+
- - "~>"
|
122
|
+
- !ruby/object:Gem::Version
|
123
|
+
version: 0.80.1
|
124
|
+
type: :development
|
125
|
+
prerelease: false
|
126
|
+
version_requirements: !ruby/object:Gem::Requirement
|
127
|
+
requirements:
|
128
|
+
- - "~>"
|
129
|
+
- !ruby/object:Gem::Version
|
130
|
+
version: 0.80.1
|
131
|
+
description: 'Middleware that will make Rack-based apps CORS compatible. Fork the
|
85
132
|
project here: https://github.com/cyu/rack-cors'
|
86
133
|
email:
|
87
134
|
- me@sourcebender.com
|
@@ -89,15 +136,21 @@ executables: []
|
|
89
136
|
extensions: []
|
90
137
|
extra_rdoc_files: []
|
91
138
|
files:
|
92
|
-
- ".
|
93
|
-
-
|
139
|
+
- ".github/workflows/ci.yaml"
|
140
|
+
- ".rubocop.yml"
|
141
|
+
- CHANGELOG.md
|
94
142
|
- Gemfile
|
95
143
|
- LICENSE.txt
|
96
144
|
- README.md
|
97
145
|
- Rakefile
|
98
146
|
- lib/rack/cors.rb
|
147
|
+
- lib/rack/cors/resource.rb
|
148
|
+
- lib/rack/cors/resources.rb
|
149
|
+
- lib/rack/cors/resources/cors_misconfiguration_error.rb
|
150
|
+
- lib/rack/cors/result.rb
|
99
151
|
- lib/rack/cors/version.rb
|
100
152
|
- rack-cors.gemspec
|
153
|
+
- test/.rubocop.yml
|
101
154
|
- test/cors/expect.js
|
102
155
|
- test/cors/mocha.css
|
103
156
|
- test/cors/mocha.js
|
@@ -128,12 +181,12 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
128
181
|
- !ruby/object:Gem::Version
|
129
182
|
version: '0'
|
130
183
|
requirements: []
|
131
|
-
|
132
|
-
rubygems_version: 2.5.2
|
184
|
+
rubygems_version: 3.3.26
|
133
185
|
signing_key:
|
134
186
|
specification_version: 4
|
135
187
|
summary: Middleware for enabling Cross-Origin Resource Sharing in Rack apps
|
136
188
|
test_files:
|
189
|
+
- test/.rubocop.yml
|
137
190
|
- test/cors/expect.js
|
138
191
|
- test/cors/mocha.css
|
139
192
|
- test/cors/mocha.js
|