rack-cors 1.1.1 → 2.0.0.rc1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rubocop.yml +31 -0
- data/.travis.yml +6 -1
- data/CHANGELOG.md +6 -0
- data/Gemfile +2 -0
- data/README.md +43 -33
- data/Rakefile +5 -4
- data/lib/rack/cors/resource.rb +132 -0
- data/lib/rack/cors/resources/cors_misconfiguration_error.rb +14 -0
- data/lib/rack/cors/resources.rb +62 -0
- data/lib/rack/cors/result.rb +63 -0
- data/lib/rack/cors/version.rb +3 -1
- data/lib/rack/cors.rb +101 -354
- data/rack-cors.gemspec +20 -17
- data/test/.rubocop.yml +8 -0
- data/test/cors/test.cors.coffee +4 -2
- data/test/cors/test.cors.js +6 -2
- data/test/unit/cors_test.rb +164 -158
- data/test/unit/dsl_test.rb +30 -29
- data/test/unit/insecure.ru +2 -0
- data/test/unit/non_http.ru +2 -0
- data/test/unit/test.ru +24 -21
- metadata +49 -14
data/test/unit/dsl_test.rb
CHANGED
|
@@ -1,69 +1,70 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require 'rubygems'
|
|
2
4
|
require 'minitest/autorun'
|
|
3
5
|
require 'rack/cors'
|
|
4
6
|
|
|
5
|
-
|
|
6
7
|
describe Rack::Cors, 'DSL' do
|
|
7
8
|
it 'should support explicit config object dsl mode' do
|
|
8
|
-
cors = Rack::Cors.new(
|
|
9
|
+
cors = Rack::Cors.new(proc {}) do |cfg|
|
|
9
10
|
cfg.allow do |allow|
|
|
10
|
-
allow.origins 'localhost:3000', '127.0.0.1:3000' do |source,env|
|
|
11
|
-
source ==
|
|
12
|
-
|
|
11
|
+
allow.origins 'localhost:3000', '127.0.0.1:3000' do |source, env|
|
|
12
|
+
source == 'http://10.10.10.10:3000' &&
|
|
13
|
+
env['USER_AGENT'] == 'test-agent'
|
|
13
14
|
end
|
|
14
|
-
allow.resource '/get-only', :
|
|
15
|
-
allow.resource '/', :
|
|
15
|
+
allow.resource '/get-only', methods: :get
|
|
16
|
+
allow.resource '/', headers: :any
|
|
16
17
|
end
|
|
17
18
|
end
|
|
18
19
|
resources = cors.send :all_resources
|
|
19
20
|
|
|
20
|
-
resources.length.must_equal 1
|
|
21
|
-
resources.first.allow_origin?('http://localhost:3000').must_equal true
|
|
22
|
-
resources.first.allow_origin?('http://10.10.10.10:3000',{
|
|
23
|
-
resources.first.allow_origin?('http://10.10.10.10:3001',{
|
|
24
|
-
resources.first.allow_origin?('http://10.10.10.10:3000',{
|
|
21
|
+
_(resources.length).must_equal 1
|
|
22
|
+
_(resources.first.allow_origin?('http://localhost:3000')).must_equal true
|
|
23
|
+
_(resources.first.allow_origin?('http://10.10.10.10:3000', { 'USER_AGENT' => 'test-agent' })).must_equal true
|
|
24
|
+
_(resources.first.allow_origin?('http://10.10.10.10:3001', { 'USER_AGENT' => 'test-agent' })).wont_equal true
|
|
25
|
+
_(resources.first.allow_origin?('http://10.10.10.10:3000', { 'USER_AGENT' => 'other-agent' })).wont_equal true
|
|
25
26
|
end
|
|
26
27
|
|
|
27
28
|
it 'should support implicit config object dsl mode' do
|
|
28
|
-
cors = Rack::Cors.new(
|
|
29
|
+
cors = Rack::Cors.new(proc {}) do
|
|
29
30
|
allow do
|
|
30
|
-
origins 'localhost:3000', '127.0.0.1:3000' do |source,env|
|
|
31
|
-
source ==
|
|
32
|
-
|
|
31
|
+
origins 'localhost:3000', '127.0.0.1:3000' do |source, env|
|
|
32
|
+
source == 'http://10.10.10.10:3000' &&
|
|
33
|
+
env['USER_AGENT'] == 'test-agent'
|
|
33
34
|
end
|
|
34
|
-
resource '/get-only', :
|
|
35
|
-
resource '/', :
|
|
35
|
+
resource '/get-only', methods: :get
|
|
36
|
+
resource '/', headers: :any
|
|
36
37
|
end
|
|
37
38
|
end
|
|
38
39
|
resources = cors.send :all_resources
|
|
39
40
|
|
|
40
|
-
resources.length.must_equal 1
|
|
41
|
-
resources.first.allow_origin?('http://localhost:3000').must_equal true
|
|
42
|
-
resources.first.allow_origin?('http://10.10.10.10:3000',{
|
|
43
|
-
resources.first.allow_origin?('http://10.10.10.10:3001',{
|
|
44
|
-
resources.first.allow_origin?('http://10.10.10.10:3000',{
|
|
41
|
+
_(resources.length).must_equal 1
|
|
42
|
+
_(resources.first.allow_origin?('http://localhost:3000')).must_equal true
|
|
43
|
+
_(resources.first.allow_origin?('http://10.10.10.10:3000', { 'USER_AGENT' => 'test-agent' })).must_equal true
|
|
44
|
+
_(resources.first.allow_origin?('http://10.10.10.10:3001', { 'USER_AGENT' => 'test-agent' })).wont_equal true
|
|
45
|
+
_(resources.first.allow_origin?('http://10.10.10.10:3000', { 'USER_AGENT' => 'other-agent' })).wont_equal true
|
|
45
46
|
end
|
|
46
47
|
|
|
47
48
|
it 'should support "file://" origin' do
|
|
48
|
-
cors = Rack::Cors.new(
|
|
49
|
+
cors = Rack::Cors.new(proc {}) do
|
|
49
50
|
allow do
|
|
50
51
|
origins 'file://'
|
|
51
|
-
resource '/', :
|
|
52
|
+
resource '/', headers: :any
|
|
52
53
|
end
|
|
53
54
|
end
|
|
54
55
|
resources = cors.send :all_resources
|
|
55
56
|
|
|
56
|
-
resources.first.allow_origin?('file://').must_equal true
|
|
57
|
+
_(resources.first.allow_origin?('file://')).must_equal true
|
|
57
58
|
end
|
|
58
59
|
|
|
59
60
|
it 'should default credentials option to false' do
|
|
60
|
-
cors = Rack::Cors.new(
|
|
61
|
+
cors = Rack::Cors.new(proc {}) do
|
|
61
62
|
allow do
|
|
62
63
|
origins 'example.net'
|
|
63
|
-
resource '/', :
|
|
64
|
+
resource '/', headers: :any
|
|
64
65
|
end
|
|
65
66
|
end
|
|
66
67
|
resources = cors.send :all_resources
|
|
67
|
-
resources.first.resources.first.credentials.must_equal false
|
|
68
|
+
_(resources.first.resources.first.credentials).must_equal false
|
|
68
69
|
end
|
|
69
70
|
end
|
data/test/unit/insecure.ru
CHANGED
data/test/unit/non_http.ru
CHANGED
data/test/unit/test.ru
CHANGED
|
@@ -1,26 +1,29 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require 'rack/cors'
|
|
2
4
|
|
|
3
|
-
#use Rack::Cors, :debug => true, :logger => ::Logger.new(STDOUT) do
|
|
5
|
+
# use Rack::Cors, :debug => true, :logger => ::Logger.new(STDOUT) do
|
|
4
6
|
use Rack::Lint
|
|
5
7
|
use Rack::Cors do
|
|
6
8
|
allow do
|
|
7
9
|
origins 'localhost:3000',
|
|
8
10
|
'127.0.0.1:3000',
|
|
9
|
-
|
|
11
|
+
%r{http://192\.168\.0\.\d{1,3}(:\d+)?},
|
|
10
12
|
'file://',
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
resource '/', :
|
|
15
|
-
resource '/
|
|
16
|
-
resource '/
|
|
17
|
-
resource '/
|
|
18
|
-
resource '/
|
|
19
|
-
resource '/
|
|
20
|
-
resource '/
|
|
21
|
-
resource '/
|
|
22
|
-
resource '/
|
|
23
|
-
resource '/
|
|
13
|
+
%r{http://(.*?)\.example\.com},
|
|
14
|
+
'custom-protocol://abcdefg'
|
|
15
|
+
|
|
16
|
+
resource '/get-only', methods: :get
|
|
17
|
+
resource '/', headers: :any, methods: :any
|
|
18
|
+
resource '/options', methods: :options
|
|
19
|
+
resource '/single_header', headers: 'x-domain-token'
|
|
20
|
+
resource '/two_headers', headers: %w[x-domain-token x-requested-with]
|
|
21
|
+
resource '/expose_single_header', expose: 'expose-test'
|
|
22
|
+
resource '/expose_multiple_headers', expose: %w[expose-test-1 expose-test-2]
|
|
23
|
+
resource '/conditional', methods: :get, if: proc { |env| !!env['HTTP_X_OK'] }
|
|
24
|
+
resource '/vary_test', methods: :get, vary: %w[Origin Host]
|
|
25
|
+
resource '/patch_test', methods: :patch
|
|
26
|
+
resource '/wildcard/*', methods: :any
|
|
24
27
|
# resource '/file/at/*',
|
|
25
28
|
# :methods => [:get, :post, :put, :delete],
|
|
26
29
|
# :headers => :any,
|
|
@@ -28,14 +31,14 @@ use Rack::Cors do
|
|
|
28
31
|
end
|
|
29
32
|
|
|
30
33
|
allow do
|
|
31
|
-
origins do |source,
|
|
32
|
-
source.end_with?(
|
|
34
|
+
origins do |source, _env|
|
|
35
|
+
source.end_with?('10.10.10.10:3000')
|
|
33
36
|
end
|
|
34
37
|
resource '/proc-origin'
|
|
35
38
|
end
|
|
36
39
|
|
|
37
40
|
allow do
|
|
38
|
-
origins ->
|
|
41
|
+
origins ->(source, _env) { source.end_with?('10.10.10.10:3000') }
|
|
39
42
|
resource '/lambda-origin'
|
|
40
43
|
end
|
|
41
44
|
|
|
@@ -43,17 +46,17 @@ use Rack::Cors do
|
|
|
43
46
|
origins '*'
|
|
44
47
|
resource '/public'
|
|
45
48
|
resource '/public/*'
|
|
46
|
-
resource '/public_without_credentials', :
|
|
49
|
+
resource '/public_without_credentials', credentials: false
|
|
47
50
|
end
|
|
48
51
|
|
|
49
52
|
allow do
|
|
50
53
|
origins 'mucho-grande.com'
|
|
51
|
-
resource '/multi-allow-config', :
|
|
54
|
+
resource '/multi-allow-config', max_age: 600
|
|
52
55
|
end
|
|
53
56
|
|
|
54
57
|
allow do
|
|
55
58
|
origins '*'
|
|
56
|
-
resource '/multi-allow-config', :
|
|
59
|
+
resource '/multi-allow-config', max_age: 300, credentials: false
|
|
57
60
|
end
|
|
58
61
|
|
|
59
62
|
allow do
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-cors
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 2.0.0.rc1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Calvin Yu
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-09-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rack
|
|
@@ -45,47 +45,47 @@ dependencies:
|
|
|
45
45
|
- !ruby/object:Gem::Version
|
|
46
46
|
version: '3'
|
|
47
47
|
- !ruby/object:Gem::Dependency
|
|
48
|
-
name:
|
|
48
|
+
name: minitest
|
|
49
49
|
requirement: !ruby/object:Gem::Requirement
|
|
50
50
|
requirements:
|
|
51
51
|
- - "~>"
|
|
52
52
|
- !ruby/object:Gem::Version
|
|
53
|
-
version:
|
|
53
|
+
version: 5.11.0
|
|
54
54
|
type: :development
|
|
55
55
|
prerelease: false
|
|
56
56
|
version_requirements: !ruby/object:Gem::Requirement
|
|
57
57
|
requirements:
|
|
58
58
|
- - "~>"
|
|
59
59
|
- !ruby/object:Gem::Version
|
|
60
|
-
version:
|
|
60
|
+
version: 5.11.0
|
|
61
61
|
- !ruby/object:Gem::Dependency
|
|
62
|
-
name:
|
|
62
|
+
name: mocha
|
|
63
63
|
requirement: !ruby/object:Gem::Requirement
|
|
64
64
|
requirements:
|
|
65
65
|
- - "~>"
|
|
66
66
|
- !ruby/object:Gem::Version
|
|
67
|
-
version:
|
|
67
|
+
version: 1.6.0
|
|
68
68
|
type: :development
|
|
69
69
|
prerelease: false
|
|
70
70
|
version_requirements: !ruby/object:Gem::Requirement
|
|
71
71
|
requirements:
|
|
72
72
|
- - "~>"
|
|
73
73
|
- !ruby/object:Gem::Version
|
|
74
|
-
version:
|
|
74
|
+
version: 1.6.0
|
|
75
75
|
- !ruby/object:Gem::Dependency
|
|
76
|
-
name:
|
|
76
|
+
name: pry
|
|
77
77
|
requirement: !ruby/object:Gem::Requirement
|
|
78
78
|
requirements:
|
|
79
79
|
- - "~>"
|
|
80
80
|
- !ruby/object:Gem::Version
|
|
81
|
-
version:
|
|
81
|
+
version: '0.12'
|
|
82
82
|
type: :development
|
|
83
83
|
prerelease: false
|
|
84
84
|
version_requirements: !ruby/object:Gem::Requirement
|
|
85
85
|
requirements:
|
|
86
86
|
- - "~>"
|
|
87
87
|
- !ruby/object:Gem::Version
|
|
88
|
-
version:
|
|
88
|
+
version: '0.12'
|
|
89
89
|
- !ruby/object:Gem::Dependency
|
|
90
90
|
name: rack-test
|
|
91
91
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -100,6 +100,34 @@ dependencies:
|
|
|
100
100
|
- - "~>"
|
|
101
101
|
- !ruby/object:Gem::Version
|
|
102
102
|
version: 1.1.0
|
|
103
|
+
- !ruby/object:Gem::Dependency
|
|
104
|
+
name: rake
|
|
105
|
+
requirement: !ruby/object:Gem::Requirement
|
|
106
|
+
requirements:
|
|
107
|
+
- - "~>"
|
|
108
|
+
- !ruby/object:Gem::Version
|
|
109
|
+
version: 12.3.0
|
|
110
|
+
type: :development
|
|
111
|
+
prerelease: false
|
|
112
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
113
|
+
requirements:
|
|
114
|
+
- - "~>"
|
|
115
|
+
- !ruby/object:Gem::Version
|
|
116
|
+
version: 12.3.0
|
|
117
|
+
- !ruby/object:Gem::Dependency
|
|
118
|
+
name: rubocop
|
|
119
|
+
requirement: !ruby/object:Gem::Requirement
|
|
120
|
+
requirements:
|
|
121
|
+
- - "~>"
|
|
122
|
+
- !ruby/object:Gem::Version
|
|
123
|
+
version: 0.80.1
|
|
124
|
+
type: :development
|
|
125
|
+
prerelease: false
|
|
126
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
127
|
+
requirements:
|
|
128
|
+
- - "~>"
|
|
129
|
+
- !ruby/object:Gem::Version
|
|
130
|
+
version: 0.80.1
|
|
103
131
|
description: 'Middleware that will make Rack-based apps CORS compatible. Fork the
|
|
104
132
|
project here: https://github.com/cyu/rack-cors'
|
|
105
133
|
email:
|
|
@@ -108,6 +136,7 @@ executables: []
|
|
|
108
136
|
extensions: []
|
|
109
137
|
extra_rdoc_files: []
|
|
110
138
|
files:
|
|
139
|
+
- ".rubocop.yml"
|
|
111
140
|
- ".travis.yml"
|
|
112
141
|
- CHANGELOG.md
|
|
113
142
|
- Gemfile
|
|
@@ -115,8 +144,13 @@ files:
|
|
|
115
144
|
- README.md
|
|
116
145
|
- Rakefile
|
|
117
146
|
- lib/rack/cors.rb
|
|
147
|
+
- lib/rack/cors/resource.rb
|
|
148
|
+
- lib/rack/cors/resources.rb
|
|
149
|
+
- lib/rack/cors/resources/cors_misconfiguration_error.rb
|
|
150
|
+
- lib/rack/cors/result.rb
|
|
118
151
|
- lib/rack/cors/version.rb
|
|
119
152
|
- rack-cors.gemspec
|
|
153
|
+
- test/.rubocop.yml
|
|
120
154
|
- test/cors/expect.js
|
|
121
155
|
- test/cors/mocha.css
|
|
122
156
|
- test/cors/mocha.js
|
|
@@ -143,15 +177,16 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
143
177
|
version: '0'
|
|
144
178
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
145
179
|
requirements:
|
|
146
|
-
- - "
|
|
180
|
+
- - ">"
|
|
147
181
|
- !ruby/object:Gem::Version
|
|
148
|
-
version:
|
|
182
|
+
version: 1.3.1
|
|
149
183
|
requirements: []
|
|
150
|
-
rubygems_version: 3.
|
|
184
|
+
rubygems_version: 3.3.10
|
|
151
185
|
signing_key:
|
|
152
186
|
specification_version: 4
|
|
153
187
|
summary: Middleware for enabling Cross-Origin Resource Sharing in Rack apps
|
|
154
188
|
test_files:
|
|
189
|
+
- test/.rubocop.yml
|
|
155
190
|
- test/cors/expect.js
|
|
156
191
|
- test/cors/mocha.css
|
|
157
192
|
- test/cors/mocha.js
|