rack-cors 1.0.5 → 2.0.1

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of rack-cors might be problematic. Click here for more details.

Files changed (24) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/ci.yaml +39 -0
  3. data/.rubocop.yml +31 -0
  4. data/CHANGELOG.md +26 -0
  5. data/Gemfile +2 -0
  6. data/README.md +56 -35
  7. data/Rakefile +5 -4
  8. data/lib/rack/cors/resource.rb +142 -0
  9. data/lib/rack/cors/resources/cors_misconfiguration_error.rb +14 -0
  10. data/lib/rack/cors/resources.rb +62 -0
  11. data/lib/rack/cors/result.rb +63 -0
  12. data/lib/rack/cors/version.rb +3 -1
  13. data/lib/rack/cors.rb +105 -346
  14. data/rack-cors.gemspec +20 -17
  15. data/test/.rubocop.yml +8 -0
  16. data/test/cors/test.cors.coffee +4 -2
  17. data/test/cors/test.cors.js +6 -2
  18. data/test/unit/cors_test.rb +174 -156
  19. data/test/unit/dsl_test.rb +30 -29
  20. data/test/unit/insecure.ru +2 -0
  21. data/test/unit/non_http.ru +2 -0
  22. data/test/unit/test.ru +24 -20
  23. metadata +52 -17
  24. data/.travis.yml +0 -8
data/test/unit/dsl_test.rb CHANGED
@@ -1,69 +1,70 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'rubygems'
2
4
  require 'minitest/autorun'
3
5
  require 'rack/cors'
4
6
 
5
-
6
7
  describe Rack::Cors, 'DSL' do
7
8
  it 'should support explicit config object dsl mode' do
8
- cors = Rack::Cors.new(Proc.new {}) do |cfg|
9
+ cors = Rack::Cors.new(proc {}) do |cfg|
9
10
  cfg.allow do |allow|
10
- allow.origins 'localhost:3000', '127.0.0.1:3000' do |source,env|
11
- source == "http://10.10.10.10:3000" &&
12
- env["USER_AGENT"] == "test-agent"
11
+ allow.origins 'localhost:3000', '127.0.0.1:3000' do |source, env|
12
+ source == 'http://10.10.10.10:3000' &&
13
+ env['USER_AGENT'] == 'test-agent'
13
14
  end
14
- allow.resource '/get-only', :methods => :get
15
- allow.resource '/', :headers => :any
15
+ allow.resource '/get-only', methods: :get
16
+ allow.resource '/', headers: :any
16
17
  end
17
18
  end
18
19
  resources = cors.send :all_resources
19
20
 
20
- resources.length.must_equal 1
21
- resources.first.allow_origin?('http://localhost:3000').must_equal true
22
- resources.first.allow_origin?('http://10.10.10.10:3000',{"USER_AGENT" => "test-agent" }).must_equal true
23
- resources.first.allow_origin?('http://10.10.10.10:3001',{"USER_AGENT" => "test-agent" }).wont_equal true
24
- resources.first.allow_origin?('http://10.10.10.10:3000',{"USER_AGENT" => "other-agent"}).wont_equal true
21
+ _(resources.length).must_equal 1
22
+ _(resources.first.allow_origin?('http://localhost:3000')).must_equal true
23
+ _(resources.first.allow_origin?('http://10.10.10.10:3000', { 'USER_AGENT' => 'test-agent' })).must_equal true
24
+ _(resources.first.allow_origin?('http://10.10.10.10:3001', { 'USER_AGENT' => 'test-agent' })).wont_equal true
25
+ _(resources.first.allow_origin?('http://10.10.10.10:3000', { 'USER_AGENT' => 'other-agent' })).wont_equal true
25
26
  end
26
27
 
27
28
  it 'should support implicit config object dsl mode' do
28
- cors = Rack::Cors.new(Proc.new {}) do
29
+ cors = Rack::Cors.new(proc {}) do
29
30
  allow do
30
- origins 'localhost:3000', '127.0.0.1:3000' do |source,env|
31
- source == "http://10.10.10.10:3000" &&
32
- env["USER_AGENT"] == "test-agent"
31
+ origins 'localhost:3000', '127.0.0.1:3000' do |source, env|
32
+ source == 'http://10.10.10.10:3000' &&
33
+ env['USER_AGENT'] == 'test-agent'
33
34
  end
34
- resource '/get-only', :methods => :get
35
- resource '/', :headers => :any
35
+ resource '/get-only', methods: :get
36
+ resource '/', headers: :any
36
37
  end
37
38
  end
38
39
  resources = cors.send :all_resources
39
40
 
40
- resources.length.must_equal 1
41
- resources.first.allow_origin?('http://localhost:3000').must_equal true
42
- resources.first.allow_origin?('http://10.10.10.10:3000',{"USER_AGENT" => "test-agent" }).must_equal true
43
- resources.first.allow_origin?('http://10.10.10.10:3001',{"USER_AGENT" => "test-agent" }).wont_equal true
44
- resources.first.allow_origin?('http://10.10.10.10:3000',{"USER_AGENT" => "other-agent"}).wont_equal true
41
+ _(resources.length).must_equal 1
42
+ _(resources.first.allow_origin?('http://localhost:3000')).must_equal true
43
+ _(resources.first.allow_origin?('http://10.10.10.10:3000', { 'USER_AGENT' => 'test-agent' })).must_equal true
44
+ _(resources.first.allow_origin?('http://10.10.10.10:3001', { 'USER_AGENT' => 'test-agent' })).wont_equal true
45
+ _(resources.first.allow_origin?('http://10.10.10.10:3000', { 'USER_AGENT' => 'other-agent' })).wont_equal true
45
46
  end
46
47
 
47
48
  it 'should support "file://" origin' do
48
- cors = Rack::Cors.new(Proc.new {}) do
49
+ cors = Rack::Cors.new(proc {}) do
49
50
  allow do
50
51
  origins 'file://'
51
- resource '/', :headers => :any
52
+ resource '/', headers: :any
52
53
  end
53
54
  end
54
55
  resources = cors.send :all_resources
55
56
 
56
- resources.first.allow_origin?('file://').must_equal true
57
+ _(resources.first.allow_origin?('file://')).must_equal true
57
58
  end
58
59
 
59
60
  it 'should default credentials option to false' do
60
- cors = Rack::Cors.new(Proc.new {}) do
61
+ cors = Rack::Cors.new(proc {}) do
61
62
  allow do
62
63
  origins 'example.net'
63
- resource '/', :headers => :any
64
+ resource '/', headers: :any
64
65
  end
65
66
  end
66
67
  resources = cors.send :all_resources
67
- resources.first.resources.first.credentials.must_equal false
68
+ _(resources.first.resources.first.credentials).must_equal false
68
69
  end
69
70
  end
data/test/unit/insecure.ru CHANGED
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'rack/cors'
2
4
 
3
5
  use Rack::Cors do
data/test/unit/non_http.ru CHANGED
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'rack/cors'
2
4
 
3
5
  use Rack::Cors do
data/test/unit/test.ru CHANGED
@@ -1,25 +1,29 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'rack/cors'
2
4
 
3
- #use Rack::Cors, :debug => true, :logger => ::Logger.new(STDOUT) do
5
+ # use Rack::Cors, :debug => true, :logger => ::Logger.new(STDOUT) do
4
6
  use Rack::Lint
5
7
  use Rack::Cors do
6
8
  allow do
7
9
  origins 'localhost:3000',
8
10
  '127.0.0.1:3000',
9
- /http:\/\/192\.168\.0\.\d{1,3}(:\d+)?/,
11
+ %r{http://192\.168\.0\.\d{1,3}(:\d+)?},
10
12
  'file://',
11
- /http:\/\/(.*?)\.example\.com/
12
-
13
- resource '/get-only', :methods => :get
14
- resource '/', :headers => :any, :methods => :any
15
- resource '/options', :methods => :options
16
- resource '/single_header', :headers => 'x-domain-token'
17
- resource '/two_headers', :headers => %w{x-domain-token x-requested-with}
18
- resource '/expose_single_header', :expose => 'expose-test'
19
- resource '/expose_multiple_headers', :expose => %w{expose-test-1 expose-test-2}
20
- resource '/conditional', :methods => :get, :if => proc { |env| !!env['HTTP_X_OK'] }
21
- resource '/vary_test', :methods => :get, :vary => %w{ Origin Host }
22
- resource '/patch_test', :methods => :patch
13
+ %r{http://(.*?)\.example\.com},
14
+ 'custom-protocol://abcdefg'
15
+
16
+ resource '/get-only', methods: :get
17
+ resource '/', headers: :any, methods: :any
18
+ resource '/options', methods: :options
19
+ resource '/single_header', headers: 'x-domain-token'
20
+ resource '/two_headers', headers: %w[x-domain-token x-requested-with]
21
+ resource '/expose_single_header', expose: 'expose-test'
22
+ resource '/expose_multiple_headers', expose: %w[expose-test-1 expose-test-2]
23
+ resource '/conditional', methods: :get, if: proc { |env| !!env['HTTP_X_OK'] }
24
+ resource '/vary_test', methods: :get, vary: %w[Origin Host]
25
+ resource '/patch_test', methods: :patch
26
+ resource '/wildcard/*', methods: :any
23
27
  # resource '/file/at/*',
24
28
  # :methods => [:get, :post, :put, :delete],
25
29
  # :headers => :any,
@@ -27,14 +31,14 @@ use Rack::Cors do
27
31
  end
28
32
 
29
33
  allow do
30
- origins do |source,env|
31
- source.end_with?("10.10.10.10:3000")
34
+ origins do |source, _env|
35
+ source.end_with?('10.10.10.10:3000')
32
36
  end
33
37
  resource '/proc-origin'
34
38
  end
35
39
 
36
40
  allow do
37
- origins -> (source, env) { source.end_with?("10.10.10.10:3000") }
41
+ origins ->(source, _env) { source.end_with?('10.10.10.10:3000') }
38
42
  resource '/lambda-origin'
39
43
  end
40
44
 
@@ -42,17 +46,17 @@ use Rack::Cors do
42
46
  origins '*'
43
47
  resource '/public'
44
48
  resource '/public/*'
45
- resource '/public_without_credentials', :credentials => false
49
+ resource '/public_without_credentials', credentials: false
46
50
  end
47
51
 
48
52
  allow do
49
53
  origins 'mucho-grande.com'
50
- resource '/multi-allow-config', :max_age => 600
54
+ resource '/multi-allow-config', max_age: 600
51
55
  end
52
56
 
53
57
  allow do
54
58
  origins '*'
55
- resource '/multi-allow-config', :max_age => 300, :credentials => false
59
+ resource '/multi-allow-config', max_age: 300, credentials: false
56
60
  end
57
61
 
58
62
  allow do
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack-cors
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.5
4
+ version: 2.0.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Calvin Yu
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-11-14 00:00:00.000000000 Z
11
+ date: 2023-03-17 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rack
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - ">="
18
18
  - !ruby/object:Gem::Version
19
- version: 1.6.0
19
+ version: 2.0.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - ">="
25
25
  - !ruby/object:Gem::Version
26
- version: 1.6.0
26
+ version: 2.0.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: bundler
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -45,61 +45,89 @@ dependencies:
45
45
  - !ruby/object:Gem::Version
46
46
  version: '3'
47
47
  - !ruby/object:Gem::Dependency
48
- name: rake
48
+ name: minitest
49
49
  requirement: !ruby/object:Gem::Requirement
50
50
  requirements:
51
51
  - - "~>"
52
52
  - !ruby/object:Gem::Version
53
- version: 12.3.0
53
+ version: 5.11.0
54
54
  type: :development
55
55
  prerelease: false
56
56
  version_requirements: !ruby/object:Gem::Requirement
57
57
  requirements:
58
58
  - - "~>"
59
59
  - !ruby/object:Gem::Version
60
- version: 12.3.0
60
+ version: 5.11.0
61
61
  - !ruby/object:Gem::Dependency
62
- name: minitest
62
+ name: mocha
63
63
  requirement: !ruby/object:Gem::Requirement
64
64
  requirements:
65
65
  - - "~>"
66
66
  - !ruby/object:Gem::Version
67
- version: 5.11.0
67
+ version: 1.6.0
68
68
  type: :development
69
69
  prerelease: false
70
70
  version_requirements: !ruby/object:Gem::Requirement
71
71
  requirements:
72
72
  - - "~>"
73
73
  - !ruby/object:Gem::Version
74
- version: 5.11.0
74
+ version: 1.6.0
75
75
  - !ruby/object:Gem::Dependency
76
- name: mocha
76
+ name: pry
77
77
  requirement: !ruby/object:Gem::Requirement
78
78
  requirements:
79
79
  - - "~>"
80
80
  - !ruby/object:Gem::Version
81
- version: 1.6.0
81
+ version: '0.12'
82
82
  type: :development
83
83
  prerelease: false
84
84
  version_requirements: !ruby/object:Gem::Requirement
85
85
  requirements:
86
86
  - - "~>"
87
87
  - !ruby/object:Gem::Version
88
- version: 1.6.0
88
+ version: '0.12'
89
89
  - !ruby/object:Gem::Dependency
90
90
  name: rack-test
91
91
  requirement: !ruby/object:Gem::Requirement
92
92
  requirements:
93
- - - "~>"
93
+ - - ">="
94
94
  - !ruby/object:Gem::Version
95
95
  version: 1.1.0
96
96
  type: :development
97
97
  prerelease: false
98
98
  version_requirements: !ruby/object:Gem::Requirement
99
99
  requirements:
100
- - - "~>"
100
+ - - ">="
101
101
  - !ruby/object:Gem::Version
102
102
  version: 1.1.0
103
+ - !ruby/object:Gem::Dependency
104
+ name: rake
105
+ requirement: !ruby/object:Gem::Requirement
106
+ requirements:
107
+ - - "~>"
108
+ - !ruby/object:Gem::Version
109
+ version: 12.3.0
110
+ type: :development
111
+ prerelease: false
112
+ version_requirements: !ruby/object:Gem::Requirement
113
+ requirements:
114
+ - - "~>"
115
+ - !ruby/object:Gem::Version
116
+ version: 12.3.0
117
+ - !ruby/object:Gem::Dependency
118
+ name: rubocop
119
+ requirement: !ruby/object:Gem::Requirement
120
+ requirements:
121
+ - - "~>"
122
+ - !ruby/object:Gem::Version
123
+ version: 0.80.1
124
+ type: :development
125
+ prerelease: false
126
+ version_requirements: !ruby/object:Gem::Requirement
127
+ requirements:
128
+ - - "~>"
129
+ - !ruby/object:Gem::Version
130
+ version: 0.80.1
103
131
  description: 'Middleware that will make Rack-based apps CORS compatible. Fork the
104
132
  project here: https://github.com/cyu/rack-cors'
105
133
  email:
@@ -108,15 +136,21 @@ executables: []
108
136
  extensions: []
109
137
  extra_rdoc_files: []
110
138
  files:
111
- - ".travis.yml"
139
+ - ".github/workflows/ci.yaml"
140
+ - ".rubocop.yml"
112
141
  - CHANGELOG.md
113
142
  - Gemfile
114
143
  - LICENSE.txt
115
144
  - README.md
116
145
  - Rakefile
117
146
  - lib/rack/cors.rb
147
+ - lib/rack/cors/resource.rb
148
+ - lib/rack/cors/resources.rb
149
+ - lib/rack/cors/resources/cors_misconfiguration_error.rb
150
+ - lib/rack/cors/result.rb
118
151
  - lib/rack/cors/version.rb
119
152
  - rack-cors.gemspec
153
+ - test/.rubocop.yml
120
154
  - test/cors/expect.js
121
155
  - test/cors/mocha.css
122
156
  - test/cors/mocha.js
@@ -147,11 +181,12 @@ required_rubygems_version: !ruby/object:Gem::Requirement
147
181
  - !ruby/object:Gem::Version
148
182
  version: '0'
149
183
  requirements: []
150
- rubygems_version: 3.0.6
184
+ rubygems_version: 3.3.26
151
185
  signing_key:
152
186
  specification_version: 4
153
187
  summary: Middleware for enabling Cross-Origin Resource Sharing in Rack apps
154
188
  test_files:
189
+ - test/.rubocop.yml
155
190
  - test/cors/expect.js
156
191
  - test/cors/mocha.css
157
192
  - test/cors/mocha.js
data/.travis.yml DELETED
@@ -1,8 +0,0 @@
1
- language: ruby
2
- sudo: false
3
- rvm:
4
- - 2.2
5
- - 2.3
6
- - 2.4
7
- - 2.5
8
- - 2.6