rack-cors 1.0.2 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 7a4d5e6683440676f486ce61b3c16ff2e7c8f65e
-  data.tar.gz: be95c0c3dce56c965aff4b1cb398f2ad6fb4f6b3
+SHA256:
+  metadata.gz: fd2274b31c1fff80172aeae55b715d3adcc39c32665cf3fa85707fcedc2e7d02
+  data.tar.gz: 87790b6bbd36a084ea24af33694650c3a38ded6d85d43321edeee3f53b23c8c5
 SHA512:
-  metadata.gz: 8ae27dfd82bd822e700c476963118b15e68dee7850aaccb8b43a05670903f9f66217c8cd77dcf425f664581ecadf00eb43c1c1926648d97caf07c6d4a4dd0574
-  data.tar.gz: df278b2f1b3e6f0b01305d601fb58f2d41aef0579232d5ae27564be76483afdfb58b9219708d5a944c7db293025d7bacec4924dc63c06aefed2a7df4ad00e9ec
+  metadata.gz: 74899fd0bca2abc5498ea3172f9b7909f1d45f1c1f029c23e48f868533d7a71827574c307bc48a74c66e17a3046d387d48cf07a7de868e4dcf2ce057f894b2ec
+  data.tar.gz: 918f644a445522eb52dd065252e1fee13917225f40f44e1cfbe40a73864d60ca993db08228edb78bda5b920b84c371e417dc3965752fbda43bb7eb5e67553fa3

data/.travis.yml

@@ -1,6 +1,8 @@
 language: ruby
 sudo: false
 rvm:
-  - 2.2.5
-  - 2.3.0
-  - 2.3.1
+  - 2.2
+  - 2.3
+  - 2.4
+  - 2.5
+  - 2.6

data/{CHANGELOG → CHANGELOG.md}

@@ -1,6 +1,34 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
+## 1.1.0 - 2019-11-19
+### Changed
+- Use Rack::Utils.escape_path instead of Rack::Utils.escape
+- Require Rack 2.0 for escape_path method
+- Don't try to clean path if invalid.
+- Return 400 (Bad Request) on preflights with invalid path
+
+## 1.0.6 - 2019-11-14
+### Changed
+- Use Rack::Utils.escape to make compat with Rack 1.6.0
+
+## 1.0.5 - 2019-11-14
+### Changed
+- Update Gem spec to require rack >= 1.6.0
+
+## 1.0.4 - 2019-11-13
+### Security
+- Escape and resolve path before evaluating resource rules (thanks to Colby Morgan)
+
+## 1.0.3 - 2019-03-24
+### Changed
+- Don't send 'Content-Type' header with pre-flight requests
+- Allow ruby array for  vary header config
+
+## 1.0.2 - 2017-10-22
+### Fixed
+- Automatically allow simple headers when headers are set
+
 ## 1.0.1 - 2017-07-18
 ### Fixed
 - Allow lambda origin configuration

data/Gemfile

@@ -3,4 +3,4 @@ source 'https://rubygems.org'
 # Specify your gem's dependencies in rack-cors.gemspec
 gemspec
 
-gem 'pry-byebug'
+gem 'pry-byebug', '~> 3.6.0'

data/README.md

@@ -13,7 +13,7 @@ Install the gem:
 Or in your Gemfile:
 
 ```ruby
-gem 'rack-cors', :require => 'rack/cors'
+gem 'rack-cors'
 ```
 
 
@@ -25,7 +25,6 @@ Put something like the code below in `config/application.rb` of your Rails appli
 ```ruby
 module YourApp
   class Application < Rails::Application
-
     # ...
     
     # Rails 5
@@ -33,7 +32,7 @@ module YourApp
     config.middleware.insert_before 0, Rack::Cors do
       allow do
         origins '*'
-        resource '*', :headers => :any, :methods => [:get, :post, :options]
+        resource '*', headers: :any, methods: [:get, :post, :options]
       end
     end
 
@@ -42,15 +41,14 @@ module YourApp
     config.middleware.insert_before 0, "Rack::Cors" do
       allow do
         origins '*'
-        resource '*', :headers => :any, :methods => [:get, :post, :options]
+        resource '*', headers: :any, methods: [:get, :post, :options]
       end
     end
-    
   end
 end
 ```
 
-We use `insert_before` to make sure `Rack::Cors` runs at the beginning of the stack to make sure it isn't interfered with with other middleware (see `Rack::Cache` note in **Common Gotchas** section). Check out the [rails 4 example](https://github.com/cyu/rack-cors/tree/master/examples/rails4) and [rails 3 example](https://github.com/cyu/rack-cors/tree/master/examples/rails3).
+We use `insert_before` to make sure `Rack::Cors` runs at the beginning of the stack to make sure it isn't interfered with by other middleware (see `Rack::Cache` note in **Common Gotchas** section). Check out the [rails 4 example](https://github.com/cyu/rack-cors/tree/master/examples/rails4) and [rails 3 example](https://github.com/cyu/rack-cors/tree/master/examples/rails3).
 
 See The [Rails Guide to Rack](http://guides.rubyonrails.org/rails_on_rack.html) for more details on rack middlewares or watch the [railscast](http://railscasts.com/episodes/151-rack-middleware).
 
@@ -69,16 +67,22 @@ use Rack::Cors do
 
     resource '/file/list_all/', :headers => 'x-domain-token'
     resource '/file/at/*',
-        :methods => [:get, :post, :delete, :put, :patch, :options, :head],
-        :headers => 'x-domain-token',
-        :expose  => ['Some-Custom-Response-Header'],
-        :max_age => 600
+        methods: [:get, :post, :delete, :put, :patch, :options, :head],
+        headers: 'x-domain-token',
+        expose: ['Some-Custom-Response-Header'],
+        max_age: 600
         # headers to expose
   end
 
   allow do
     origins '*'
-    resource '/public/*', :headers => :any, :methods => :get
+    resource '/public/*', headers: :any, methods: :get
+
+    # Only allow a request for a specific host
+    resource '/api/v1/*',
+        headers: :any,
+        methods: :get,
+        if: proc { |env| env['HTTP_HOST'] == 'api.example.com' }
   end
 end
 ```

data/lib/rack/cors/version.rb

@@ -1,5 +1,5 @@
 module Rack
   class Cors
-    VERSION = "1.0.2"
+    VERSION = "1.1.0"
   end
 end

data/lib/rack/cors.rb

@@ -16,10 +16,8 @@ module Rack
     # retaining the old key for backwards compatibility
     ENV_KEY     = 'rack.cors'.freeze
 
-    OPTIONS      = 'OPTIONS'.freeze
-    VARY         = 'Vary'.freeze
-    CONTENT_TYPE = 'Content-Type'.freeze
-    TEXT_PLAIN   = 'text/plain'.freeze
+    OPTIONS     = 'OPTIONS'.freeze
+    VARY        = 'Vary'.freeze
 
     DEFAULT_VARY_HEADERS = ['Origin'].freeze
 
@@ -66,24 +64,29 @@ module Rack
     def call(env)
       env[HTTP_ORIGIN] ||= env[HTTP_X_ORIGIN] if env[HTTP_X_ORIGIN]
 
+      path = evaluate_path(env)
+
       add_headers = nil
       if env[HTTP_ORIGIN]
         debug(env) do
           [ 'Incoming Headers:',
             "  Origin: #{env[HTTP_ORIGIN]}",
+            "  Path-Info: #{path}",
             "  Access-Control-Request-Method: #{env[HTTP_ACCESS_CONTROL_REQUEST_METHOD]}",
             "  Access-Control-Request-Headers: #{env[HTTP_ACCESS_CONTROL_REQUEST_HEADERS]}"
             ].join("\n")
         end
-        if env[REQUEST_METHOD] == OPTIONS and env[HTTP_ACCESS_CONTROL_REQUEST_METHOD]
-          headers = process_preflight(env)
+
+        if env[REQUEST_METHOD] == OPTIONS && env[HTTP_ACCESS_CONTROL_REQUEST_METHOD]
+          return [400, {}, []] unless Rack::Utils.valid_path?(path)
+          headers = process_preflight(env, path)
           debug(env) do
             "Preflight Headers:\n" +
                 headers.collect{|kv| "  #{kv.join(': ')}"}.join("\n")
           end
           return [200, headers, []]
         else
-          add_headers = process_cors(env)
+          add_headers = process_cors(env, path)
         end
       else
         Result.miss(env, Result::MISS_NO_ORIGIN)
@@ -92,7 +95,7 @@ module Rack
       # This call must be done BEFORE calling the app because for some reason
       # env[PATH_INFO] gets changed after that and it won't match. (At least
       # in rails 4.1.6)
-      vary_resource = resource_for_path(env[PATH_INFO])
+      vary_resource = resource_for_path(path)
 
       status, headers, body = @app.call env
 
@@ -117,7 +120,7 @@ module Rack
         else
           DEFAULT_VARY_HEADERS
         end
-        headers[VARY] = ((vary ? vary.split(/,\s*/) : []) + cors_vary_headers).uniq.join(', ')
+        headers[VARY] = ((vary ? ([vary].flatten.map { |v| v.split(/,\s*/) }.flatten) : []) + cors_vary_headers).uniq.join(', ')
       end
 
       if debug? && result = env[RACK_CORS]
@@ -149,14 +152,28 @@ module Rack
         end
       end
 
+      def evaluate_path(env)
+        path = env[PATH_INFO]
+
+        if path
+          path = Rack::Utils.unescape_path(path)
+
+          if Rack::Utils.valid_path?(path)
+            path = Rack::Utils.clean_path_info(path)
+          end
+        end
+
+        path
+      end
+
       def all_resources
         @all_resources ||= []
       end
 
-      def process_preflight(env)
+      def process_preflight(env, path)
         result = Result.preflight(env)
 
-        resource, error = match_resource(env)
+        resource, error = match_resource(path, env)
         unless resource
           result.miss(error)
           return {}
@@ -165,8 +182,8 @@ module Rack
         return resource.process_preflight(env, result)
       end
 
-      def process_cors(env)
-        resource, error = match_resource(env)
+      def process_cors(env, path)
+        resource, error = match_resource(path, env)
         if resource
           Result.hit(env)
           cors = resource.to_headers(env)
@@ -187,8 +204,7 @@ module Rack
         nil
       end
 
-      def match_resource(env)
-        path   = env[PATH_INFO]
+      def match_resource(path, env)
         origin = env[HTTP_ORIGIN]
 
         origin_matched = false
@@ -332,7 +348,7 @@ module Rack
 
           self.path         = path
           self.credentials  = public_resource ? false : (opts[:credentials] == true)
-          self.max_age      = opts[:max_age] || 1728000
+          self.max_age      = opts[:max_age] || 7200
           self.pattern      = compile(path)
           self.if_proc      = opts[:if]
           self.vary_headers = opts[:vary] && [opts[:vary]].flatten
@@ -363,7 +379,7 @@ module Rack
         end
 
         def process_preflight(env, result)
-          headers = {CONTENT_TYPE => TEXT_PLAIN}
+          headers = {}
 
           request_method = env[HTTP_ACCESS_CONTROL_REQUEST_METHOD]
           if request_method.nil?

data/rack-cors.gemspec

@@ -8,7 +8,7 @@ Gem::Specification.new do |spec|
   spec.version       = Rack::Cors::VERSION
   spec.authors       = ["Calvin Yu"]
   spec.email         = ["me@sourcebender.com"]
-  spec.description   = %q{Middleware that will make Rack-based apps CORS compatible.  Read more here: http://blog.sourcebender.com/2010/06/09/introducin-rack-cors.html.  Fork the project here: https://github.com/cyu/rack-cors}
+  spec.description   = %q{Middleware that will make Rack-based apps CORS compatible. Fork the project here: https://github.com/cyu/rack-cors}
   spec.summary       = %q{Middleware for enabling Cross-Origin Resource Sharing in Rack apps}
   spec.homepage      = "https://github.com/cyu/rack-cors"
   spec.license       = "MIT"
@@ -18,9 +18,10 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]
 
-  spec.add_development_dependency "bundler", "~> 1.3"
-  spec.add_development_dependency "rake"
-  spec.add_development_dependency "minitest", ">= 5.3.0"
-  spec.add_development_dependency "mocha", ">= 0.14.0"
-  spec.add_development_dependency "rack-test", ">= 0"
+  spec.add_dependency "rack", ">= 2.0.0"
+  spec.add_development_dependency "bundler", ">= 1.16.0", '< 3'
+  spec.add_development_dependency "rake", "~> 12.3.0"
+  spec.add_development_dependency "minitest", "~> 5.11.0"
+  spec.add_development_dependency "mocha", "~> 1.6.0"
+  spec.add_development_dependency "rack-test", "~> 1.1.0"
 end

data/test/cors/test.cors.coffee

@@ -12,6 +12,11 @@ describe 'CORS', ->
       expect(data).to.eql('Hello world')
       done()
 
+  it 'should allow PATCH access to dynamic resource', (done) ->
+    $.ajax("http://#{CORS_SERVER}/", type: 'PATCH').done (data, textStatus, jqXHR) ->
+      expect(data).to.eql('Hello world')
+      done()
+
   it 'should allow HEAD access to dynamic resource', (done) ->
     $.ajax("http://#{CORS_SERVER}/", type: 'HEAD').done (data, textStatus, jqXHR) ->
       expect(jqXHR.status).to.eql(200)

data/test/cors/test.cors.js

@@ -1,4 +1,4 @@
-// Generated by CoffeeScript 1.12.6
+// Generated by CoffeeScript 2.3.1
 (function() {
   var CORS_SERVER;
 
@@ -6,21 +6,29 @@
 
   describe('CORS', function() {
     it('should allow access to dynamic resource', function(done) {
-      return $.get("http://" + CORS_SERVER + "/", function(data, status, xhr) {
+      return $.get(`http://${CORS_SERVER}/`, function(data, status, xhr) {
         expect(data).to.eql('Hello world');
         return done();
       });
     });
     it('should allow PUT access to dynamic resource', function(done) {
-      return $.ajax("http://" + CORS_SERVER + "/", {
+      return $.ajax(`http://${CORS_SERVER}/`, {
         type: 'PUT'
       }).done(function(data, textStatus, jqXHR) {
         expect(data).to.eql('Hello world');
         return done();
       });
     });
+    it('should allow PATCH access to dynamic resource', function(done) {
+      return $.ajax(`http://${CORS_SERVER}/`, {
+        type: 'PATCH'
+      }).done(function(data, textStatus, jqXHR) {
+        expect(data).to.eql('Hello world');
+        return done();
+      });
+    });
     it('should allow HEAD access to dynamic resource', function(done) {
-      return $.ajax("http://" + CORS_SERVER + "/", {
+      return $.ajax(`http://${CORS_SERVER}/`, {
         type: 'HEAD'
       }).done(function(data, textStatus, jqXHR) {
         expect(jqXHR.status).to.eql(200);
@@ -28,7 +36,7 @@
       });
     });
     it('should allow DELETE access to dynamic resource', function(done) {
-      return $.ajax("http://" + CORS_SERVER + "/", {
+      return $.ajax(`http://${CORS_SERVER}/`, {
         type: 'DELETE'
       }).done(function(data, textStatus, jqXHR) {
         expect(data).to.eql('Hello world');
@@ -36,7 +44,7 @@
       });
     });
     it('should allow OPTIONS access to dynamic resource', function(done) {
-      return $.ajax("http://" + CORS_SERVER + "/", {
+      return $.ajax(`http://${CORS_SERVER}/`, {
         type: 'OPTIONS'
       }).done(function(data, textStatus, jqXHR) {
         expect(jqXHR.status).to.eql(200);
@@ -44,7 +52,7 @@
       });
     });
     it('should allow access to static resource', function(done) {
-      return $.get("http://" + CORS_SERVER + "/static.txt", function(data, status, xhr) {
+      return $.get(`http://${CORS_SERVER}/static.txt`, function(data, status, xhr) {
         expect($.trim(data)).to.eql("hello world");
         return done();
       });
@@ -52,7 +60,7 @@
     return it('should allow post resource', function(done) {
       return $.ajax({
         type: 'POST',
-        url: "http://" + CORS_SERVER + "/cors",
+        url: `http://${CORS_SERVER}/cors`,
         beforeSend: function(xhr) {
           return xhr.setRequestHeader('X-Requested-With', 'XMLHTTPRequest');
         },

data/test/unit/cors_test.rb

@@ -19,11 +19,11 @@ end
 
 module MiniTest::Assertions
   def assert_cors_success(response)
-  	assert !response.headers['Access-Control-Allow-Origin'].nil?, "Expected a successful CORS response"
+    assert !response.headers['Access-Control-Allow-Origin'].nil?, "Expected a successful CORS response"
   end
 
   def assert_not_cors_success(response)
-  	assert response.headers['Access-Control-Allow-Origin'].nil?, "Expected a failed CORS response"
+    assert response.headers['Access-Control-Allow-Origin'].nil?, "Expected a failed CORS response"
   end
 end
 
@@ -40,6 +40,18 @@ class CaptureResult
   end
 end
 
+class FakeProxy
+  def initialize(app, options =  {})
+    @app = app
+  end
+
+  def call(env)
+    status, headers, body = @app.call(env)
+    headers['Vary'] = %w(Origin User-Agent)
+    [status, headers, body]
+  end
+end
+
 Rack::MockResponse.infect_an_assertion :assert_cors_success, :must_render_cors_success, :only_one_argument
 Rack::MockResponse.infect_an_assertion :assert_not_cors_success, :wont_render_cors_success, :only_one_argument
 
@@ -48,11 +60,12 @@ describe Rack::Cors do
 
   attr_accessor :cors_result
 
-  def load_app(name)
+  def load_app(name, options = {})
     test = self
     Rack::Builder.new do
       use CaptureResult, :holder => test
       eval File.read(File.dirname(__FILE__) + "/#{name}.ru")
+      use FakeProxy if options[:proxy]
       map('/') do
         run proc { |env|
           [200, {'Content-Type' => 'text/html'}, ['success']]
@@ -133,6 +146,21 @@ describe Rack::Cors do
     last_response.headers['Vary'].must_equal 'Origin, Host'
   end
 
+  it "decode URL and resolve paths before resource matching" do
+    header 'Origin', 'http://localhost:3000'
+    get '/public/a/..%2F..%2Fprivate/stuff'
+    last_response.wont_render_cors_success
+  end
+
+  describe 'with array of upstream Vary headers' do
+    let(:app) { load_app('test', { proxy: true }) }
+
+    it 'should add to them' do
+      successful_cors_request '/vary_test'
+      last_response.headers['Vary'].must_equal 'Origin, User-Agent, Host'
+    end
+  end
+
   it 'should add Vary header if Access-Control-Allow-Origin header was added and if it is specific' do
     successful_cors_request '/', :origin => "http://192.168.0.3:8080"
     last_response.headers['Access-Control-Allow-Origin'].must_equal 'http://192.168.0.3:8080'
@@ -244,6 +272,19 @@ describe Rack::Cors do
         cors.call({'HTTP_ORIGIN' => 'test.com'})
       end
     end
+
+    it 'should use Logger if none is set' do
+      app = mock
+      app.stubs(:call).returns([200, {}, ['']])
+
+      logger = mock
+      Logger.expects(:new).returns(logger)
+      logger.expects(:tap).returns(logger)
+      logger.expects(:debug)
+
+      cors = Rack::Cors.new(app, :debug => true) {}
+      cors.call({'HTTP_ORIGIN' => 'test.com'})
+    end
   end
 
   describe 'preflight requests' do
@@ -280,6 +321,11 @@ describe Rack::Cors do
       last_response.must_render_cors_success
     end
 
+    it 'allows PATCH method' do
+      preflight_request('http://localhost:3000', '/', :methods => [ :patch ])
+      last_response.must_render_cors_success
+    end
+
     it 'should allow header case insensitive match' do
       preflight_request('http://localhost:3000', '/single_header', :headers => 'X-Domain-Token')
       last_response.must_render_cors_success
@@ -313,12 +359,6 @@ describe Rack::Cors do
       last_response.headers['Access-Control-Allow-Origin'].must_equal 'file://'
     end
 
-    it 'should return a Content-Type' do
-      preflight_request('http://localhost:3000', '/')
-      last_response.must_render_cors_success
-      last_response.headers['Content-Type'].wont_be_nil
-    end
-
     describe '' do
 
       let(:app) do
@@ -332,7 +372,7 @@ describe Rack::Cors do
             end
           end
           map('/') do
-            run ->(env) { [500, {'Content-Type' => 'text/plain'}, ['FAIL!']] }
+            run ->(env) { [500, {}, ['FAIL!']] }
           end
         end
       end
@@ -389,7 +429,7 @@ describe Rack::Cors do
           end
         end
         map('/') do
-          run ->(env) { [200, {'Content-Type' => 'text/plain', 'Access-Control-Allow-Origin' => 'http://foo.net'}, ['success']] }
+          run ->(env) { [200, {'Access-Control-Allow-Origin' => 'http://foo.net'}, ['success']] }
         end
       end
     end

data/test/unit/test.ru

@@ -19,6 +19,7 @@ use Rack::Cors do
     resource '/expose_multiple_headers', :expose => %w{expose-test-1 expose-test-2}
     resource '/conditional', :methods => :get, :if => proc { |env| !!env['HTTP_X_OK'] }
     resource '/vary_test', :methods => :get, :vary => %w{ Origin Host }
+    resource '/patch_test', :methods => :patch
     # resource '/file/at/*',
     #     :methods => [:get, :post, :put, :delete],
     #     :headers => :any,
@@ -40,6 +41,7 @@ use Rack::Cors do
   allow do
     origins '*'
     resource '/public'
+    resource '/public/*'
     resource '/public_without_credentials', :credentials => false
   end
 

metadata

@@ -1,87 +1,106 @@
 --- !ruby/object:Gem::Specification
 name: rack-cors
 version: !ruby/object:Gem::Version
-  version: 1.0.2
+  version: 1.1.0
 platform: ruby
 authors:
 - Calvin Yu
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-10-22 00:00:00.000000000 Z
+date: 2019-11-20 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.0
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: 1.16.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.16.0
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '3'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 12.3.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 12.3.0
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 5.3.0
+        version: 5.11.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 5.3.0
+        version: 5.11.0
 - !ruby/object:Gem::Dependency
   name: mocha
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.14.0
+        version: 1.6.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.14.0
+        version: 1.6.0
 - !ruby/object:Gem::Dependency
   name: rack-test
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.1.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
-description: 'Middleware that will make Rack-based apps CORS compatible.  Read more
-  here: http://blog.sourcebender.com/2010/06/09/introducin-rack-cors.html.  Fork the
+        version: 1.1.0
+description: 'Middleware that will make Rack-based apps CORS compatible. Fork the
   project here: https://github.com/cyu/rack-cors'
 email:
 - me@sourcebender.com
@@ -90,7 +109,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".travis.yml"
-- CHANGELOG
+- CHANGELOG.md
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -128,8 +147,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.5.2
+rubygems_version: 3.0.6
 signing_key: 
 specification_version: 4
 summary: Middleware for enabling Cross-Origin Resource Sharing in Rack apps