rack-cors 1.0.1 → 1.0.2
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of rack-cors might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/lib/rack/cors.rb +14 -6
- data/lib/rack/cors/version.rb +1 -1
- data/test/unit/cors_test.rb +49 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7a4d5e6683440676f486ce61b3c16ff2e7c8f65e
|
|
4
|
+
data.tar.gz: be95c0c3dce56c965aff4b1cb398f2ad6fb4f6b3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8ae27dfd82bd822e700c476963118b15e68dee7850aaccb8b43a05670903f9f66217c8cd77dcf425f664581ecadf00eb43c1c1926648d97caf07c6d4a4dd0574
|
|
7
|
+
data.tar.gz: df278b2f1b3e6f0b01305d601fb58f2d41aef0579232d5ae27564be76483afdfb58b9219708d5a944c7db293025d7bacec4924dc63c06aefed2a7df4ad00e9ec
|
data/lib/rack/cors.rb
CHANGED
|
@@ -23,6 +23,10 @@ module Rack
|
|
|
23
23
|
|
|
24
24
|
DEFAULT_VARY_HEADERS = ['Origin'].freeze
|
|
25
25
|
|
|
26
|
+
# All CORS routes need to accept CORS simple headers at all times
|
|
27
|
+
# {https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers}
|
|
28
|
+
CORS_SIMPLE_HEADERS = ['accept', 'accept-language', 'content-language', 'content-type'].freeze
|
|
29
|
+
|
|
26
30
|
def initialize(app, opts={}, &block)
|
|
27
31
|
@app = app
|
|
28
32
|
@debug_mode = !!opts[:debug]
|
|
@@ -134,7 +138,7 @@ module Rack
|
|
|
134
138
|
@logger_proc = nil
|
|
135
139
|
logger_proc.call
|
|
136
140
|
|
|
137
|
-
elsif defined?(Rails) && Rails.logger
|
|
141
|
+
elsif defined?(Rails) && Rails.respond_to?(:logger) && Rails.logger
|
|
138
142
|
Rails.logger
|
|
139
143
|
|
|
140
144
|
elsif env[RACK_LOGGER]
|
|
@@ -155,7 +159,7 @@ module Rack
|
|
|
155
159
|
resource, error = match_resource(env)
|
|
156
160
|
unless resource
|
|
157
161
|
result.miss(error)
|
|
158
|
-
return {}
|
|
162
|
+
return {}
|
|
159
163
|
end
|
|
160
164
|
|
|
161
165
|
return resource.process_preflight(env, result)
|
|
@@ -407,10 +411,14 @@ module Rack
|
|
|
407
411
|
end
|
|
408
412
|
|
|
409
413
|
def allow_headers?(request_headers)
|
|
410
|
-
|
|
411
|
-
headers == :any
|
|
412
|
-
|
|
413
|
-
|
|
414
|
+
headers = self.headers || []
|
|
415
|
+
if headers == :any
|
|
416
|
+
return true
|
|
417
|
+
end
|
|
418
|
+
request_headers = request_headers.split(/,\s*/) if request_headers.kind_of?(String)
|
|
419
|
+
request_headers.all? do |header|
|
|
420
|
+
header = header.downcase
|
|
421
|
+
CORS_SIMPLE_HEADERS.include?(header) || headers.include?(header)
|
|
414
422
|
end
|
|
415
423
|
end
|
|
416
424
|
|
data/lib/rack/cors/version.rb
CHANGED
data/test/unit/cors_test.rb
CHANGED
|
@@ -16,7 +16,7 @@ end
|
|
|
16
16
|
Rack::Test::Methods.class_eval do
|
|
17
17
|
def_delegator :current_session, :options
|
|
18
18
|
end
|
|
19
|
-
|
|
19
|
+
|
|
20
20
|
module MiniTest::Assertions
|
|
21
21
|
def assert_cors_success(response)
|
|
22
22
|
assert !response.headers['Access-Control-Allow-Origin'].nil?, "Expected a successful CORS response"
|
|
@@ -405,6 +405,54 @@ describe Rack::Cors do
|
|
|
405
405
|
end
|
|
406
406
|
end
|
|
407
407
|
|
|
408
|
+
describe 'with headers set to nil' do
|
|
409
|
+
let(:app) do
|
|
410
|
+
Rack::Builder.new do
|
|
411
|
+
use Rack::Cors do
|
|
412
|
+
allow do
|
|
413
|
+
origins '*'
|
|
414
|
+
resource '/', headers: nil
|
|
415
|
+
end
|
|
416
|
+
end
|
|
417
|
+
map('/') do
|
|
418
|
+
run ->(env) { [200, {'Content-Type' => 'text/html'}, ['hello']] }
|
|
419
|
+
end
|
|
420
|
+
end
|
|
421
|
+
end
|
|
422
|
+
|
|
423
|
+
it 'should succeed with CORS simple headers' do
|
|
424
|
+
preflight_request('http://localhost:3000', '/', :headers => 'Accept')
|
|
425
|
+
last_response.must_render_cors_success
|
|
426
|
+
end
|
|
427
|
+
end
|
|
428
|
+
|
|
429
|
+
describe 'with custom allowed headers' do
|
|
430
|
+
let(:app) do
|
|
431
|
+
Rack::Builder.new do
|
|
432
|
+
use Rack::Cors do
|
|
433
|
+
allow do
|
|
434
|
+
origins '*'
|
|
435
|
+
resource '/', headers: []
|
|
436
|
+
end
|
|
437
|
+
end
|
|
438
|
+
map('/') do
|
|
439
|
+
run ->(env) { [200, {'Content-Type' => 'text/html'}, ['hello']] }
|
|
440
|
+
end
|
|
441
|
+
end
|
|
442
|
+
end
|
|
443
|
+
|
|
444
|
+
it 'should succeed with CORS simple headers' do
|
|
445
|
+
preflight_request('http://localhost:3000', '/', :headers => 'Accept')
|
|
446
|
+
last_response.must_render_cors_success
|
|
447
|
+
preflight_request('http://localhost:3000', '/', :headers => 'Accept-Language')
|
|
448
|
+
last_response.must_render_cors_success
|
|
449
|
+
preflight_request('http://localhost:3000', '/', :headers => 'Content-Type')
|
|
450
|
+
last_response.must_render_cors_success
|
|
451
|
+
preflight_request('http://localhost:3000', '/', :headers => 'Content-Language')
|
|
452
|
+
last_response.must_render_cors_success
|
|
453
|
+
end
|
|
454
|
+
end
|
|
455
|
+
|
|
408
456
|
protected
|
|
409
457
|
def cors_request(*args)
|
|
410
458
|
path = args.first.is_a?(String) ? args.first : '/'
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-cors
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Calvin Yu
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-10-22 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|