rack-cors 1.0.6 → 1.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +11 -0
- data/lib/rack/cors/version.rb +1 -1
- data/lib/rack/cors.rb +15 -3
- data/rack-cors.gemspec +1 -1
- data/test/unit/cors_test.rb +14 -2
- data/test/unit/test.ru +1 -0
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8f879bc8ea95eac0ca9360c3a553084961d02944255f6ad380b64e855653b8b6
|
|
4
|
+
data.tar.gz: bd9478603340a1785324ab4f1db9517a8943fdcc1be13193e4d6b83b184fa032
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 12d13e99acef13b159595487b3c0198bc1a355371bdb149241d11e1d0715148e0749085d0f0c362d4defdec2e325b416b1e93aeb28be2d421516d4db8185fdac
|
|
7
|
+
data.tar.gz: a1f373194a95094f337c545e7751eac2c4d8500dfd607088a88e55774b755fa0ec659710319a2f7997e579231b7de806e63f2ce4a1639cdb732eed5bcbb743b9
|
data/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,17 @@
|
|
|
1
1
|
# Change Log
|
|
2
2
|
All notable changes to this project will be documented in this file.
|
|
3
3
|
|
|
4
|
+
## 1.1.1 - 2019-12-29
|
|
5
|
+
### Changed
|
|
6
|
+
- Allow /<resource>/* to match /<resource>/ and /<resource> paths
|
|
7
|
+
|
|
8
|
+
## 1.1.0 - 2019-11-19
|
|
9
|
+
### Changed
|
|
10
|
+
- Use Rack::Utils.escape_path instead of Rack::Utils.escape
|
|
11
|
+
- Require Rack 2.0 for escape_path method
|
|
12
|
+
- Don't try to clean path if invalid.
|
|
13
|
+
- Return 400 (Bad Request) on preflights with invalid path
|
|
14
|
+
|
|
4
15
|
## 1.0.6 - 2019-11-14
|
|
5
16
|
### Changed
|
|
6
17
|
- Use Rack::Utils.escape to make compat with Rack 1.6.0
|
data/lib/rack/cors/version.rb
CHANGED
data/lib/rack/cors.rb
CHANGED
|
@@ -76,7 +76,9 @@ module Rack
|
|
|
76
76
|
" Access-Control-Request-Headers: #{env[HTTP_ACCESS_CONTROL_REQUEST_HEADERS]}"
|
|
77
77
|
].join("\n")
|
|
78
78
|
end
|
|
79
|
-
|
|
79
|
+
|
|
80
|
+
if env[REQUEST_METHOD] == OPTIONS && env[HTTP_ACCESS_CONTROL_REQUEST_METHOD]
|
|
81
|
+
return [400, {}, []] unless Rack::Utils.valid_path?(path)
|
|
80
82
|
headers = process_preflight(env, path)
|
|
81
83
|
debug(env) do
|
|
82
84
|
"Preflight Headers:\n" +
|
|
@@ -152,7 +154,15 @@ module Rack
|
|
|
152
154
|
|
|
153
155
|
def evaluate_path(env)
|
|
154
156
|
path = env[PATH_INFO]
|
|
155
|
-
|
|
157
|
+
|
|
158
|
+
if path
|
|
159
|
+
path = Rack::Utils.unescape_path(path)
|
|
160
|
+
|
|
161
|
+
if Rack::Utils.valid_path?(path)
|
|
162
|
+
path = Rack::Utils.clean_path_info(path)
|
|
163
|
+
end
|
|
164
|
+
end
|
|
165
|
+
|
|
156
166
|
path
|
|
157
167
|
end
|
|
158
168
|
|
|
@@ -437,8 +447,10 @@ module Rack
|
|
|
437
447
|
if path.respond_to? :to_str
|
|
438
448
|
special_chars = %w{. + ( )}
|
|
439
449
|
pattern =
|
|
440
|
-
path.to_str.gsub(/((:\w+)
|
|
450
|
+
path.to_str.gsub(/((:\w+)|\/\*|[\*#{special_chars.join}])/) do |match|
|
|
441
451
|
case match
|
|
452
|
+
when "/*"
|
|
453
|
+
"\\/?(.*?)"
|
|
442
454
|
when "*"
|
|
443
455
|
"(.*?)"
|
|
444
456
|
when *special_chars
|
data/rack-cors.gemspec
CHANGED
|
@@ -18,7 +18,7 @@ Gem::Specification.new do |spec|
|
|
|
18
18
|
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
|
19
19
|
spec.require_paths = ["lib"]
|
|
20
20
|
|
|
21
|
-
spec.add_dependency "rack", ">=
|
|
21
|
+
spec.add_dependency "rack", ">= 2.0.0"
|
|
22
22
|
spec.add_development_dependency "bundler", ">= 1.16.0", '< 3'
|
|
23
23
|
spec.add_development_dependency "rake", "~> 12.3.0"
|
|
24
24
|
spec.add_development_dependency "minitest", "~> 5.11.0"
|
data/test/unit/cors_test.rb
CHANGED
|
@@ -341,13 +341,25 @@ describe Rack::Cors do
|
|
|
341
341
|
last_response.must_render_cors_success
|
|
342
342
|
end
|
|
343
343
|
|
|
344
|
-
it
|
|
344
|
+
it "should allow '*' origins to allow any origin" do
|
|
345
345
|
preflight_request('http://locohost:3000', '/public')
|
|
346
346
|
last_response.must_render_cors_success
|
|
347
347
|
last_response.headers['Access-Control-Allow-Origin'].must_equal '*'
|
|
348
348
|
end
|
|
349
349
|
|
|
350
|
-
it
|
|
350
|
+
it "should allow '/<path>/' resource if match pattern is /<path>/*" do
|
|
351
|
+
preflight_request('http://localhost:3000', '/wildcard/')
|
|
352
|
+
last_response.must_render_cors_success
|
|
353
|
+
last_response.headers['Access-Control-Allow-Origin'].wont_equal nil
|
|
354
|
+
end
|
|
355
|
+
|
|
356
|
+
it "should allow '/<path>' resource if match pattern is /<path>/*" do
|
|
357
|
+
preflight_request('http://localhost:3000', '/wildcard')
|
|
358
|
+
last_response.must_render_cors_success
|
|
359
|
+
last_response.headers['Access-Control-Allow-Origin'].wont_equal nil
|
|
360
|
+
end
|
|
361
|
+
|
|
362
|
+
it "should allow '*' origin to allow any origin, and set '*' if no credentials required" do
|
|
351
363
|
preflight_request('http://locohost:3000', '/public_without_credentials')
|
|
352
364
|
last_response.must_render_cors_success
|
|
353
365
|
last_response.headers['Access-Control-Allow-Origin'].must_equal '*'
|
data/test/unit/test.ru
CHANGED
|
@@ -20,6 +20,7 @@ use Rack::Cors do
|
|
|
20
20
|
resource '/conditional', :methods => :get, :if => proc { |env| !!env['HTTP_X_OK'] }
|
|
21
21
|
resource '/vary_test', :methods => :get, :vary => %w{ Origin Host }
|
|
22
22
|
resource '/patch_test', :methods => :patch
|
|
23
|
+
resource '/wildcard/*', :methods => :any
|
|
23
24
|
# resource '/file/at/*',
|
|
24
25
|
# :methods => [:get, :post, :put, :delete],
|
|
25
26
|
# :headers => :any,
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-cors
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Calvin Yu
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-
|
|
11
|
+
date: 2019-12-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rack
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version:
|
|
19
|
+
version: 2.0.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - ">="
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version:
|
|
26
|
+
version: 2.0.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: bundler
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -147,7 +147,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
147
147
|
- !ruby/object:Gem::Version
|
|
148
148
|
version: '0'
|
|
149
149
|
requirements: []
|
|
150
|
-
rubygems_version: 3.0.
|
|
150
|
+
rubygems_version: 3.0.3
|
|
151
151
|
signing_key:
|
|
152
152
|
specification_version: 4
|
|
153
153
|
summary: Middleware for enabling Cross-Origin Resource Sharing in Rack apps
|