rack-cors 1.0.6 → 1.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +11 -0
- data/lib/rack/cors/version.rb +1 -1
- data/lib/rack/cors.rb +15 -3
- data/rack-cors.gemspec +1 -1
- data/test/unit/cors_test.rb +14 -2
- data/test/unit/test.ru +1 -0
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8f879bc8ea95eac0ca9360c3a553084961d02944255f6ad380b64e855653b8b6
|
|
4
|
+
data.tar.gz: bd9478603340a1785324ab4f1db9517a8943fdcc1be13193e4d6b83b184fa032
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 12d13e99acef13b159595487b3c0198bc1a355371bdb149241d11e1d0715148e0749085d0f0c362d4defdec2e325b416b1e93aeb28be2d421516d4db8185fdac
|
|
7
|
+
data.tar.gz: a1f373194a95094f337c545e7751eac2c4d8500dfd607088a88e55774b755fa0ec659710319a2f7997e579231b7de806e63f2ce4a1639cdb732eed5bcbb743b9
|
data/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,17 @@
|
|
|
1
1
|
# Change Log
|
|
2
2
|
All notable changes to this project will be documented in this file.
|
|
3
3
|
|
|
4
|
+
## 1.1.1 - 2019-12-29
|
|
5
|
+
### Changed
|
|
6
|
+
- Allow /<resource>/* to match /<resource>/ and /<resource> paths
|
|
7
|
+
|
|
8
|
+
## 1.1.0 - 2019-11-19
|
|
9
|
+
### Changed
|
|
10
|
+
- Use Rack::Utils.escape_path instead of Rack::Utils.escape
|
|
11
|
+
- Require Rack 2.0 for escape_path method
|
|
12
|
+
- Don't try to clean path if invalid.
|
|
13
|
+
- Return 400 (Bad Request) on preflights with invalid path
|
|
14
|
+
|
|
4
15
|
## 1.0.6 - 2019-11-14
|
|
5
16
|
### Changed
|
|
6
17
|
- Use Rack::Utils.escape to make compat with Rack 1.6.0
|
data/lib/rack/cors/version.rb
CHANGED
data/lib/rack/cors.rb
CHANGED
|
@@ -76,7 +76,9 @@ module Rack
|
|
|
76
76
|
" Access-Control-Request-Headers: #{env[HTTP_ACCESS_CONTROL_REQUEST_HEADERS]}"
|
|
77
77
|
].join("\n")
|
|
78
78
|
end
|
|
79
|
-
|
|
79
|
+
|
|
80
|
+
if env[REQUEST_METHOD] == OPTIONS && env[HTTP_ACCESS_CONTROL_REQUEST_METHOD]
|
|
81
|
+
return [400, {}, []] unless Rack::Utils.valid_path?(path)
|
|
80
82
|
headers = process_preflight(env, path)
|
|
81
83
|
debug(env) do
|
|
82
84
|
"Preflight Headers:\n" +
|
|
@@ -152,7 +154,15 @@ module Rack
|
|
|
152
154
|
|
|
153
155
|
def evaluate_path(env)
|
|
154
156
|
path = env[PATH_INFO]
|
|
155
|
-
|
|
157
|
+
|
|
158
|
+
if path
|
|
159
|
+
path = Rack::Utils.unescape_path(path)
|
|
160
|
+
|
|
161
|
+
if Rack::Utils.valid_path?(path)
|
|
162
|
+
path = Rack::Utils.clean_path_info(path)
|
|
163
|
+
end
|
|
164
|
+
end
|
|
165
|
+
|
|
156
166
|
path
|
|
157
167
|
end
|
|
158
168
|
|
|
@@ -437,8 +447,10 @@ module Rack
|
|
|
437
447
|
if path.respond_to? :to_str
|
|
438
448
|
special_chars = %w{. + ( )}
|
|
439
449
|
pattern =
|
|
440
|
-
path.to_str.gsub(/((:\w+)
|
|
450
|
+
path.to_str.gsub(/((:\w+)|\/\*|[\*#{special_chars.join}])/) do |match|
|
|
441
451
|
case match
|
|
452
|
+
when "/*"
|
|
453
|
+
"\\/?(.*?)"
|
|
442
454
|
when "*"
|
|
443
455
|
"(.*?)"
|
|
444
456
|
when *special_chars
|
data/rack-cors.gemspec
CHANGED
|
@@ -18,7 +18,7 @@ Gem::Specification.new do |spec|
|
|
|
18
18
|
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
|
19
19
|
spec.require_paths = ["lib"]
|
|
20
20
|
|
|
21
|
-
spec.add_dependency "rack", ">=
|
|
21
|
+
spec.add_dependency "rack", ">= 2.0.0"
|
|
22
22
|
spec.add_development_dependency "bundler", ">= 1.16.0", '< 3'
|
|
23
23
|
spec.add_development_dependency "rake", "~> 12.3.0"
|
|
24
24
|
spec.add_development_dependency "minitest", "~> 5.11.0"
|
data/test/unit/cors_test.rb
CHANGED
|
@@ -341,13 +341,25 @@ describe Rack::Cors do
|
|
|
341
341
|
last_response.must_render_cors_success
|
|
342
342
|
end
|
|
343
343
|
|
|
344
|
-
it
|
|
344
|
+
it "should allow '*' origins to allow any origin" do
|
|
345
345
|
preflight_request('http://locohost:3000', '/public')
|
|
346
346
|
last_response.must_render_cors_success
|
|
347
347
|
last_response.headers['Access-Control-Allow-Origin'].must_equal '*'
|
|
348
348
|
end
|
|
349
349
|
|
|
350
|
-
it
|
|
350
|
+
it "should allow '/<path>/' resource if match pattern is /<path>/*" do
|
|
351
|
+
preflight_request('http://localhost:3000', '/wildcard/')
|
|
352
|
+
last_response.must_render_cors_success
|
|
353
|
+
last_response.headers['Access-Control-Allow-Origin'].wont_equal nil
|
|
354
|
+
end
|
|
355
|
+
|
|
356
|
+
it "should allow '/<path>' resource if match pattern is /<path>/*" do
|
|
357
|
+
preflight_request('http://localhost:3000', '/wildcard')
|
|
358
|
+
last_response.must_render_cors_success
|
|
359
|
+
last_response.headers['Access-Control-Allow-Origin'].wont_equal nil
|
|
360
|
+
end
|
|
361
|
+
|
|
362
|
+
it "should allow '*' origin to allow any origin, and set '*' if no credentials required" do
|
|
351
363
|
preflight_request('http://locohost:3000', '/public_without_credentials')
|
|
352
364
|
last_response.must_render_cors_success
|
|
353
365
|
last_response.headers['Access-Control-Allow-Origin'].must_equal '*'
|
data/test/unit/test.ru
CHANGED
|
@@ -20,6 +20,7 @@ use Rack::Cors do
|
|
|
20
20
|
resource '/conditional', :methods => :get, :if => proc { |env| !!env['HTTP_X_OK'] }
|
|
21
21
|
resource '/vary_test', :methods => :get, :vary => %w{ Origin Host }
|
|
22
22
|
resource '/patch_test', :methods => :patch
|
|
23
|
+
resource '/wildcard/*', :methods => :any
|
|
23
24
|
# resource '/file/at/*',
|
|
24
25
|
# :methods => [:get, :post, :put, :delete],
|
|
25
26
|
# :headers => :any,
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-cors
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Calvin Yu
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-
|
|
11
|
+
date: 2019-12-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rack
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version:
|
|
19
|
+
version: 2.0.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - ">="
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version:
|
|
26
|
+
version: 2.0.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: bundler
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -147,7 +147,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
147
147
|
- !ruby/object:Gem::Version
|
|
148
148
|
version: '0'
|
|
149
149
|
requirements: []
|
|
150
|
-
rubygems_version: 3.0.
|
|
150
|
+
rubygems_version: 3.0.3
|
|
151
151
|
signing_key:
|
|
152
152
|
specification_version: 4
|
|
153
153
|
summary: Middleware for enabling Cross-Origin Resource Sharing in Rack apps
|