rack-cors 1.0.5 → 2.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of rack-cors might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.github/workflows/ci.yaml +39 -0
- data/.rubocop.yml +31 -0
- data/CHANGELOG.md +26 -0
- data/Gemfile +2 -0
- data/README.md +56 -35
- data/Rakefile +5 -4
- data/lib/rack/cors/resource.rb +142 -0
- data/lib/rack/cors/resources/cors_misconfiguration_error.rb +14 -0
- data/lib/rack/cors/resources.rb +62 -0
- data/lib/rack/cors/result.rb +63 -0
- data/lib/rack/cors/version.rb +3 -1
- data/lib/rack/cors.rb +105 -346
- data/rack-cors.gemspec +20 -17
- data/test/.rubocop.yml +8 -0
- data/test/cors/test.cors.coffee +4 -2
- data/test/cors/test.cors.js +6 -2
- data/test/unit/cors_test.rb +174 -156
- data/test/unit/dsl_test.rb +30 -29
- data/test/unit/insecure.ru +2 -0
- data/test/unit/non_http.ru +2 -0
- data/test/unit/test.ru +24 -20
- metadata +52 -17
- data/.travis.yml +0 -8
data/test/unit/dsl_test.rb
CHANGED
@@ -1,69 +1,70 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'rubygems'
|
2
4
|
require 'minitest/autorun'
|
3
5
|
require 'rack/cors'
|
4
6
|
|
5
|
-
|
6
7
|
describe Rack::Cors, 'DSL' do
|
7
8
|
it 'should support explicit config object dsl mode' do
|
8
|
-
cors = Rack::Cors.new(
|
9
|
+
cors = Rack::Cors.new(proc {}) do |cfg|
|
9
10
|
cfg.allow do |allow|
|
10
|
-
allow.origins 'localhost:3000', '127.0.0.1:3000' do |source,env|
|
11
|
-
source ==
|
12
|
-
|
11
|
+
allow.origins 'localhost:3000', '127.0.0.1:3000' do |source, env|
|
12
|
+
source == 'http://10.10.10.10:3000' &&
|
13
|
+
env['USER_AGENT'] == 'test-agent'
|
13
14
|
end
|
14
|
-
allow.resource '/get-only', :
|
15
|
-
allow.resource '/', :
|
15
|
+
allow.resource '/get-only', methods: :get
|
16
|
+
allow.resource '/', headers: :any
|
16
17
|
end
|
17
18
|
end
|
18
19
|
resources = cors.send :all_resources
|
19
20
|
|
20
|
-
resources.length.must_equal 1
|
21
|
-
resources.first.allow_origin?('http://localhost:3000').must_equal true
|
22
|
-
resources.first.allow_origin?('http://10.10.10.10:3000',{
|
23
|
-
resources.first.allow_origin?('http://10.10.10.10:3001',{
|
24
|
-
resources.first.allow_origin?('http://10.10.10.10:3000',{
|
21
|
+
_(resources.length).must_equal 1
|
22
|
+
_(resources.first.allow_origin?('http://localhost:3000')).must_equal true
|
23
|
+
_(resources.first.allow_origin?('http://10.10.10.10:3000', { 'USER_AGENT' => 'test-agent' })).must_equal true
|
24
|
+
_(resources.first.allow_origin?('http://10.10.10.10:3001', { 'USER_AGENT' => 'test-agent' })).wont_equal true
|
25
|
+
_(resources.first.allow_origin?('http://10.10.10.10:3000', { 'USER_AGENT' => 'other-agent' })).wont_equal true
|
25
26
|
end
|
26
27
|
|
27
28
|
it 'should support implicit config object dsl mode' do
|
28
|
-
cors = Rack::Cors.new(
|
29
|
+
cors = Rack::Cors.new(proc {}) do
|
29
30
|
allow do
|
30
|
-
origins 'localhost:3000', '127.0.0.1:3000' do |source,env|
|
31
|
-
source ==
|
32
|
-
|
31
|
+
origins 'localhost:3000', '127.0.0.1:3000' do |source, env|
|
32
|
+
source == 'http://10.10.10.10:3000' &&
|
33
|
+
env['USER_AGENT'] == 'test-agent'
|
33
34
|
end
|
34
|
-
resource '/get-only', :
|
35
|
-
resource '/', :
|
35
|
+
resource '/get-only', methods: :get
|
36
|
+
resource '/', headers: :any
|
36
37
|
end
|
37
38
|
end
|
38
39
|
resources = cors.send :all_resources
|
39
40
|
|
40
|
-
resources.length.must_equal 1
|
41
|
-
resources.first.allow_origin?('http://localhost:3000').must_equal true
|
42
|
-
resources.first.allow_origin?('http://10.10.10.10:3000',{
|
43
|
-
resources.first.allow_origin?('http://10.10.10.10:3001',{
|
44
|
-
resources.first.allow_origin?('http://10.10.10.10:3000',{
|
41
|
+
_(resources.length).must_equal 1
|
42
|
+
_(resources.first.allow_origin?('http://localhost:3000')).must_equal true
|
43
|
+
_(resources.first.allow_origin?('http://10.10.10.10:3000', { 'USER_AGENT' => 'test-agent' })).must_equal true
|
44
|
+
_(resources.first.allow_origin?('http://10.10.10.10:3001', { 'USER_AGENT' => 'test-agent' })).wont_equal true
|
45
|
+
_(resources.first.allow_origin?('http://10.10.10.10:3000', { 'USER_AGENT' => 'other-agent' })).wont_equal true
|
45
46
|
end
|
46
47
|
|
47
48
|
it 'should support "file://" origin' do
|
48
|
-
cors = Rack::Cors.new(
|
49
|
+
cors = Rack::Cors.new(proc {}) do
|
49
50
|
allow do
|
50
51
|
origins 'file://'
|
51
|
-
resource '/', :
|
52
|
+
resource '/', headers: :any
|
52
53
|
end
|
53
54
|
end
|
54
55
|
resources = cors.send :all_resources
|
55
56
|
|
56
|
-
resources.first.allow_origin?('file://').must_equal true
|
57
|
+
_(resources.first.allow_origin?('file://')).must_equal true
|
57
58
|
end
|
58
59
|
|
59
60
|
it 'should default credentials option to false' do
|
60
|
-
cors = Rack::Cors.new(
|
61
|
+
cors = Rack::Cors.new(proc {}) do
|
61
62
|
allow do
|
62
63
|
origins 'example.net'
|
63
|
-
resource '/', :
|
64
|
+
resource '/', headers: :any
|
64
65
|
end
|
65
66
|
end
|
66
67
|
resources = cors.send :all_resources
|
67
|
-
resources.first.resources.first.credentials.must_equal false
|
68
|
+
_(resources.first.resources.first.credentials).must_equal false
|
68
69
|
end
|
69
70
|
end
|
data/test/unit/insecure.ru
CHANGED
data/test/unit/non_http.ru
CHANGED
data/test/unit/test.ru
CHANGED
@@ -1,25 +1,29 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'rack/cors'
|
2
4
|
|
3
|
-
#use Rack::Cors, :debug => true, :logger => ::Logger.new(STDOUT) do
|
5
|
+
# use Rack::Cors, :debug => true, :logger => ::Logger.new(STDOUT) do
|
4
6
|
use Rack::Lint
|
5
7
|
use Rack::Cors do
|
6
8
|
allow do
|
7
9
|
origins 'localhost:3000',
|
8
10
|
'127.0.0.1:3000',
|
9
|
-
|
11
|
+
%r{http://192\.168\.0\.\d{1,3}(:\d+)?},
|
10
12
|
'file://',
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
resource '/', :
|
15
|
-
resource '/
|
16
|
-
resource '/
|
17
|
-
resource '/
|
18
|
-
resource '/
|
19
|
-
resource '/
|
20
|
-
resource '/
|
21
|
-
resource '/
|
22
|
-
resource '/
|
13
|
+
%r{http://(.*?)\.example\.com},
|
14
|
+
'custom-protocol://abcdefg'
|
15
|
+
|
16
|
+
resource '/get-only', methods: :get
|
17
|
+
resource '/', headers: :any, methods: :any
|
18
|
+
resource '/options', methods: :options
|
19
|
+
resource '/single_header', headers: 'x-domain-token'
|
20
|
+
resource '/two_headers', headers: %w[x-domain-token x-requested-with]
|
21
|
+
resource '/expose_single_header', expose: 'expose-test'
|
22
|
+
resource '/expose_multiple_headers', expose: %w[expose-test-1 expose-test-2]
|
23
|
+
resource '/conditional', methods: :get, if: proc { |env| !!env['HTTP_X_OK'] }
|
24
|
+
resource '/vary_test', methods: :get, vary: %w[Origin Host]
|
25
|
+
resource '/patch_test', methods: :patch
|
26
|
+
resource '/wildcard/*', methods: :any
|
23
27
|
# resource '/file/at/*',
|
24
28
|
# :methods => [:get, :post, :put, :delete],
|
25
29
|
# :headers => :any,
|
@@ -27,14 +31,14 @@ use Rack::Cors do
|
|
27
31
|
end
|
28
32
|
|
29
33
|
allow do
|
30
|
-
origins do |source,
|
31
|
-
source.end_with?(
|
34
|
+
origins do |source, _env|
|
35
|
+
source.end_with?('10.10.10.10:3000')
|
32
36
|
end
|
33
37
|
resource '/proc-origin'
|
34
38
|
end
|
35
39
|
|
36
40
|
allow do
|
37
|
-
origins ->
|
41
|
+
origins ->(source, _env) { source.end_with?('10.10.10.10:3000') }
|
38
42
|
resource '/lambda-origin'
|
39
43
|
end
|
40
44
|
|
@@ -42,17 +46,17 @@ use Rack::Cors do
|
|
42
46
|
origins '*'
|
43
47
|
resource '/public'
|
44
48
|
resource '/public/*'
|
45
|
-
resource '/public_without_credentials', :
|
49
|
+
resource '/public_without_credentials', credentials: false
|
46
50
|
end
|
47
51
|
|
48
52
|
allow do
|
49
53
|
origins 'mucho-grande.com'
|
50
|
-
resource '/multi-allow-config', :
|
54
|
+
resource '/multi-allow-config', max_age: 600
|
51
55
|
end
|
52
56
|
|
53
57
|
allow do
|
54
58
|
origins '*'
|
55
|
-
resource '/multi-allow-config', :
|
59
|
+
resource '/multi-allow-config', max_age: 300, credentials: false
|
56
60
|
end
|
57
61
|
|
58
62
|
allow do
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rack-cors
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 2.0.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Calvin Yu
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2023-03-17 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rack
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - ">="
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version:
|
19
|
+
version: 2.0.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - ">="
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version:
|
26
|
+
version: 2.0.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: bundler
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -45,61 +45,89 @@ dependencies:
|
|
45
45
|
- !ruby/object:Gem::Version
|
46
46
|
version: '3'
|
47
47
|
- !ruby/object:Gem::Dependency
|
48
|
-
name:
|
48
|
+
name: minitest
|
49
49
|
requirement: !ruby/object:Gem::Requirement
|
50
50
|
requirements:
|
51
51
|
- - "~>"
|
52
52
|
- !ruby/object:Gem::Version
|
53
|
-
version:
|
53
|
+
version: 5.11.0
|
54
54
|
type: :development
|
55
55
|
prerelease: false
|
56
56
|
version_requirements: !ruby/object:Gem::Requirement
|
57
57
|
requirements:
|
58
58
|
- - "~>"
|
59
59
|
- !ruby/object:Gem::Version
|
60
|
-
version:
|
60
|
+
version: 5.11.0
|
61
61
|
- !ruby/object:Gem::Dependency
|
62
|
-
name:
|
62
|
+
name: mocha
|
63
63
|
requirement: !ruby/object:Gem::Requirement
|
64
64
|
requirements:
|
65
65
|
- - "~>"
|
66
66
|
- !ruby/object:Gem::Version
|
67
|
-
version:
|
67
|
+
version: 1.6.0
|
68
68
|
type: :development
|
69
69
|
prerelease: false
|
70
70
|
version_requirements: !ruby/object:Gem::Requirement
|
71
71
|
requirements:
|
72
72
|
- - "~>"
|
73
73
|
- !ruby/object:Gem::Version
|
74
|
-
version:
|
74
|
+
version: 1.6.0
|
75
75
|
- !ruby/object:Gem::Dependency
|
76
|
-
name:
|
76
|
+
name: pry
|
77
77
|
requirement: !ruby/object:Gem::Requirement
|
78
78
|
requirements:
|
79
79
|
- - "~>"
|
80
80
|
- !ruby/object:Gem::Version
|
81
|
-
version:
|
81
|
+
version: '0.12'
|
82
82
|
type: :development
|
83
83
|
prerelease: false
|
84
84
|
version_requirements: !ruby/object:Gem::Requirement
|
85
85
|
requirements:
|
86
86
|
- - "~>"
|
87
87
|
- !ruby/object:Gem::Version
|
88
|
-
version:
|
88
|
+
version: '0.12'
|
89
89
|
- !ruby/object:Gem::Dependency
|
90
90
|
name: rack-test
|
91
91
|
requirement: !ruby/object:Gem::Requirement
|
92
92
|
requirements:
|
93
|
-
- - "
|
93
|
+
- - ">="
|
94
94
|
- !ruby/object:Gem::Version
|
95
95
|
version: 1.1.0
|
96
96
|
type: :development
|
97
97
|
prerelease: false
|
98
98
|
version_requirements: !ruby/object:Gem::Requirement
|
99
99
|
requirements:
|
100
|
-
- - "
|
100
|
+
- - ">="
|
101
101
|
- !ruby/object:Gem::Version
|
102
102
|
version: 1.1.0
|
103
|
+
- !ruby/object:Gem::Dependency
|
104
|
+
name: rake
|
105
|
+
requirement: !ruby/object:Gem::Requirement
|
106
|
+
requirements:
|
107
|
+
- - "~>"
|
108
|
+
- !ruby/object:Gem::Version
|
109
|
+
version: 12.3.0
|
110
|
+
type: :development
|
111
|
+
prerelease: false
|
112
|
+
version_requirements: !ruby/object:Gem::Requirement
|
113
|
+
requirements:
|
114
|
+
- - "~>"
|
115
|
+
- !ruby/object:Gem::Version
|
116
|
+
version: 12.3.0
|
117
|
+
- !ruby/object:Gem::Dependency
|
118
|
+
name: rubocop
|
119
|
+
requirement: !ruby/object:Gem::Requirement
|
120
|
+
requirements:
|
121
|
+
- - "~>"
|
122
|
+
- !ruby/object:Gem::Version
|
123
|
+
version: 0.80.1
|
124
|
+
type: :development
|
125
|
+
prerelease: false
|
126
|
+
version_requirements: !ruby/object:Gem::Requirement
|
127
|
+
requirements:
|
128
|
+
- - "~>"
|
129
|
+
- !ruby/object:Gem::Version
|
130
|
+
version: 0.80.1
|
103
131
|
description: 'Middleware that will make Rack-based apps CORS compatible. Fork the
|
104
132
|
project here: https://github.com/cyu/rack-cors'
|
105
133
|
email:
|
@@ -108,15 +136,21 @@ executables: []
|
|
108
136
|
extensions: []
|
109
137
|
extra_rdoc_files: []
|
110
138
|
files:
|
111
|
-
- ".
|
139
|
+
- ".github/workflows/ci.yaml"
|
140
|
+
- ".rubocop.yml"
|
112
141
|
- CHANGELOG.md
|
113
142
|
- Gemfile
|
114
143
|
- LICENSE.txt
|
115
144
|
- README.md
|
116
145
|
- Rakefile
|
117
146
|
- lib/rack/cors.rb
|
147
|
+
- lib/rack/cors/resource.rb
|
148
|
+
- lib/rack/cors/resources.rb
|
149
|
+
- lib/rack/cors/resources/cors_misconfiguration_error.rb
|
150
|
+
- lib/rack/cors/result.rb
|
118
151
|
- lib/rack/cors/version.rb
|
119
152
|
- rack-cors.gemspec
|
153
|
+
- test/.rubocop.yml
|
120
154
|
- test/cors/expect.js
|
121
155
|
- test/cors/mocha.css
|
122
156
|
- test/cors/mocha.js
|
@@ -147,11 +181,12 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
147
181
|
- !ruby/object:Gem::Version
|
148
182
|
version: '0'
|
149
183
|
requirements: []
|
150
|
-
rubygems_version: 3.
|
184
|
+
rubygems_version: 3.3.26
|
151
185
|
signing_key:
|
152
186
|
specification_version: 4
|
153
187
|
summary: Middleware for enabling Cross-Origin Resource Sharing in Rack apps
|
154
188
|
test_files:
|
189
|
+
- test/.rubocop.yml
|
155
190
|
- test/cors/expect.js
|
156
191
|
- test/cors/mocha.css
|
157
192
|
- test/cors/mocha.js
|