rack-cors 1.0.1 → 1.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of rack-cors might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/lib/rack/cors.rb +14 -6
- data/lib/rack/cors/version.rb +1 -1
- data/test/unit/cors_test.rb +49 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7a4d5e6683440676f486ce61b3c16ff2e7c8f65e
|
|
4
|
+
data.tar.gz: be95c0c3dce56c965aff4b1cb398f2ad6fb4f6b3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8ae27dfd82bd822e700c476963118b15e68dee7850aaccb8b43a05670903f9f66217c8cd77dcf425f664581ecadf00eb43c1c1926648d97caf07c6d4a4dd0574
|
|
7
|
+
data.tar.gz: df278b2f1b3e6f0b01305d601fb58f2d41aef0579232d5ae27564be76483afdfb58b9219708d5a944c7db293025d7bacec4924dc63c06aefed2a7df4ad00e9ec
|
data/lib/rack/cors.rb
CHANGED
|
@@ -23,6 +23,10 @@ module Rack
|
|
|
23
23
|
|
|
24
24
|
DEFAULT_VARY_HEADERS = ['Origin'].freeze
|
|
25
25
|
|
|
26
|
+
# All CORS routes need to accept CORS simple headers at all times
|
|
27
|
+
# {https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers}
|
|
28
|
+
CORS_SIMPLE_HEADERS = ['accept', 'accept-language', 'content-language', 'content-type'].freeze
|
|
29
|
+
|
|
26
30
|
def initialize(app, opts={}, &block)
|
|
27
31
|
@app = app
|
|
28
32
|
@debug_mode = !!opts[:debug]
|
|
@@ -134,7 +138,7 @@ module Rack
|
|
|
134
138
|
@logger_proc = nil
|
|
135
139
|
logger_proc.call
|
|
136
140
|
|
|
137
|
-
elsif defined?(Rails) && Rails.logger
|
|
141
|
+
elsif defined?(Rails) && Rails.respond_to?(:logger) && Rails.logger
|
|
138
142
|
Rails.logger
|
|
139
143
|
|
|
140
144
|
elsif env[RACK_LOGGER]
|
|
@@ -155,7 +159,7 @@ module Rack
|
|
|
155
159
|
resource, error = match_resource(env)
|
|
156
160
|
unless resource
|
|
157
161
|
result.miss(error)
|
|
158
|
-
return {}
|
|
162
|
+
return {}
|
|
159
163
|
end
|
|
160
164
|
|
|
161
165
|
return resource.process_preflight(env, result)
|
|
@@ -407,10 +411,14 @@ module Rack
|
|
|
407
411
|
end
|
|
408
412
|
|
|
409
413
|
def allow_headers?(request_headers)
|
|
410
|
-
|
|
411
|
-
headers == :any
|
|
412
|
-
|
|
413
|
-
|
|
414
|
+
headers = self.headers || []
|
|
415
|
+
if headers == :any
|
|
416
|
+
return true
|
|
417
|
+
end
|
|
418
|
+
request_headers = request_headers.split(/,\s*/) if request_headers.kind_of?(String)
|
|
419
|
+
request_headers.all? do |header|
|
|
420
|
+
header = header.downcase
|
|
421
|
+
CORS_SIMPLE_HEADERS.include?(header) || headers.include?(header)
|
|
414
422
|
end
|
|
415
423
|
end
|
|
416
424
|
|
data/lib/rack/cors/version.rb
CHANGED
data/test/unit/cors_test.rb
CHANGED
|
@@ -16,7 +16,7 @@ end
|
|
|
16
16
|
Rack::Test::Methods.class_eval do
|
|
17
17
|
def_delegator :current_session, :options
|
|
18
18
|
end
|
|
19
|
-
|
|
19
|
+
|
|
20
20
|
module MiniTest::Assertions
|
|
21
21
|
def assert_cors_success(response)
|
|
22
22
|
assert !response.headers['Access-Control-Allow-Origin'].nil?, "Expected a successful CORS response"
|
|
@@ -405,6 +405,54 @@ describe Rack::Cors do
|
|
|
405
405
|
end
|
|
406
406
|
end
|
|
407
407
|
|
|
408
|
+
describe 'with headers set to nil' do
|
|
409
|
+
let(:app) do
|
|
410
|
+
Rack::Builder.new do
|
|
411
|
+
use Rack::Cors do
|
|
412
|
+
allow do
|
|
413
|
+
origins '*'
|
|
414
|
+
resource '/', headers: nil
|
|
415
|
+
end
|
|
416
|
+
end
|
|
417
|
+
map('/') do
|
|
418
|
+
run ->(env) { [200, {'Content-Type' => 'text/html'}, ['hello']] }
|
|
419
|
+
end
|
|
420
|
+
end
|
|
421
|
+
end
|
|
422
|
+
|
|
423
|
+
it 'should succeed with CORS simple headers' do
|
|
424
|
+
preflight_request('http://localhost:3000', '/', :headers => 'Accept')
|
|
425
|
+
last_response.must_render_cors_success
|
|
426
|
+
end
|
|
427
|
+
end
|
|
428
|
+
|
|
429
|
+
describe 'with custom allowed headers' do
|
|
430
|
+
let(:app) do
|
|
431
|
+
Rack::Builder.new do
|
|
432
|
+
use Rack::Cors do
|
|
433
|
+
allow do
|
|
434
|
+
origins '*'
|
|
435
|
+
resource '/', headers: []
|
|
436
|
+
end
|
|
437
|
+
end
|
|
438
|
+
map('/') do
|
|
439
|
+
run ->(env) { [200, {'Content-Type' => 'text/html'}, ['hello']] }
|
|
440
|
+
end
|
|
441
|
+
end
|
|
442
|
+
end
|
|
443
|
+
|
|
444
|
+
it 'should succeed with CORS simple headers' do
|
|
445
|
+
preflight_request('http://localhost:3000', '/', :headers => 'Accept')
|
|
446
|
+
last_response.must_render_cors_success
|
|
447
|
+
preflight_request('http://localhost:3000', '/', :headers => 'Accept-Language')
|
|
448
|
+
last_response.must_render_cors_success
|
|
449
|
+
preflight_request('http://localhost:3000', '/', :headers => 'Content-Type')
|
|
450
|
+
last_response.must_render_cors_success
|
|
451
|
+
preflight_request('http://localhost:3000', '/', :headers => 'Content-Language')
|
|
452
|
+
last_response.must_render_cors_success
|
|
453
|
+
end
|
|
454
|
+
end
|
|
455
|
+
|
|
408
456
|
protected
|
|
409
457
|
def cors_request(*args)
|
|
410
458
|
path = args.first.is_a?(String) ? args.first : '/'
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-cors
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Calvin Yu
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-10-22 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|