rack-cors 1.1.1 → 2.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.


This version of rack-cors might be problematic. Click here for more details.

@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'minitest/autorun'
2
4
  require 'rack/test'
3
5
  require 'mocha/setup'
@@ -7,7 +9,7 @@ require 'ostruct'
7
9
  Rack::Test::Session.class_eval do
8
10
  unless defined? :options
9
11
  def options(uri, params = {}, env = {}, &block)
10
- env = env_for(uri, env.merge(:method => "OPTIONS", :params => params))
12
+ env = env_for(uri, env.merge(method: 'OPTIONS', params: params))
11
13
  process_request(uri, env, &block)
12
14
  end
13
15
  end
@@ -19,16 +21,16 @@ end
19
21
 
20
22
  module MiniTest::Assertions
21
23
  def assert_cors_success(response)
22
- assert !response.headers['Access-Control-Allow-Origin'].nil?, "Expected a successful CORS response"
24
+ assert !response.headers['Access-Control-Allow-Origin'].nil?, 'Expected a successful CORS response'
23
25
  end
24
26
 
25
27
  def assert_not_cors_success(response)
26
- assert response.headers['Access-Control-Allow-Origin'].nil?, "Expected a failed CORS response"
28
+ assert response.headers['Access-Control-Allow-Origin'].nil?, 'Expected a failed CORS response'
27
29
  end
28
30
  end
29
31
 
30
32
  class CaptureResult
31
- def initialize(app, options = {})
33
+ def initialize(app, options = {})
32
34
  @app = app
33
35
  @result_holder = options[:holder]
34
36
  end
@@ -36,18 +38,18 @@ class CaptureResult
36
38
  def call(env)
37
39
  response = @app.call(env)
38
40
  @result_holder.cors_result = env[Rack::Cors::RACK_CORS]
39
- return response
41
+ response
40
42
  end
41
43
  end
42
44
 
43
45
  class FakeProxy
44
- def initialize(app, options = {})
46
+ def initialize(app, _options = {})
45
47
  @app = app
46
48
  end
47
49
 
48
50
  def call(env)
49
51
  status, headers, body = @app.call(env)
50
- headers['Vary'] = %w(Origin User-Agent)
52
+ headers['vary'] = %w[Origin User-Agent]
51
53
  [status, headers, body]
52
54
  end
53
55
  end
@@ -63,13 +65,13 @@ describe Rack::Cors do
63
65
  def load_app(name, options = {})
64
66
  test = self
65
67
  Rack::Builder.new do
66
- use CaptureResult, :holder => test
68
+ use CaptureResult, holder: test
67
69
  eval File.read(File.dirname(__FILE__) + "/#{name}.ru")
68
70
  use FakeProxy if options[:proxy]
69
71
  map('/') do
70
- run proc { |env|
71
- [200, {'Content-Type' => 'text/html'}, ['success']]
72
- }
72
+ run(lambda do |_env|
73
+ [200, { 'content-type' => 'text/html' }, ['success']]
74
+ end)
73
75
  end
74
76
  end
75
77
  end
@@ -78,135 +80,135 @@ describe Rack::Cors do
78
80
 
79
81
  it 'should support simple CORS request' do
80
82
  successful_cors_request
81
- cors_result.must_be :hit
83
+ _(cors_result).must_be :hit
82
84
  end
83
85
 
84
86
  it "should not return CORS headers if Origin header isn't present" do
85
87
  get '/'
86
- last_response.wont_render_cors_success
87
- cors_result.wont_be :hit
88
+ _(last_response).wont_render_cors_success
89
+ _(cors_result).wont_be :hit
88
90
  end
89
91
 
90
92
  it 'should support OPTIONS CORS request' do
91
- successful_cors_request '/options', :method => :options
93
+ successful_cors_request '/options', method: :options
92
94
  end
93
95
 
94
96
  it 'should support regex origins configuration' do
95
- successful_cors_request :origin => 'http://192.168.0.1:1234'
97
+ successful_cors_request origin: 'http://192.168.0.1:1234'
96
98
  end
97
99
 
98
100
  it 'should support subdomain example' do
99
- successful_cors_request :origin => 'http://subdomain.example.com'
101
+ successful_cors_request origin: 'http://subdomain.example.com'
100
102
  end
101
103
 
102
104
  it 'should support proc origins configuration' do
103
- successful_cors_request '/proc-origin', :origin => 'http://10.10.10.10:3000'
105
+ successful_cors_request '/proc-origin', origin: 'http://10.10.10.10:3000'
104
106
  end
105
107
 
106
108
  it 'should support lambda origin configuration' do
107
- successful_cors_request '/lambda-origin', :origin => 'http://10.10.10.10:3000'
109
+ successful_cors_request '/lambda-origin', origin: 'http://10.10.10.10:3000'
108
110
  end
109
111
 
110
112
  it 'should support proc origins configuration (inverse)' do
111
- cors_request '/proc-origin', :origin => 'http://bad.guy'
112
- last_response.wont_render_cors_success
113
+ cors_request '/proc-origin', origin: 'http://bad.guy'
114
+ _(last_response).wont_render_cors_success
113
115
  end
114
116
 
115
117
  it 'should not mix up path rules across origins' do
116
118
  header 'Origin', 'http://10.10.10.10:3000'
117
119
  get '/' # / is configured in a separate rule block
118
- last_response.wont_render_cors_success
120
+ _(last_response).wont_render_cors_success
119
121
  end
120
122
 
121
123
  it 'should support alternative X-Origin header' do
122
124
  header 'X-Origin', 'http://localhost:3000'
123
125
  get '/'
124
- last_response.must_render_cors_success
126
+ _(last_response).must_render_cors_success
125
127
  end
126
128
 
127
129
  it 'should support expose header configuration' do
128
130
  successful_cors_request '/expose_single_header'
129
- last_response.headers['Access-Control-Expose-Headers'].must_equal 'expose-test'
131
+ _(last_response.headers['Access-Control-Expose-Headers']).must_equal 'expose-test'
130
132
  end
131
133
 
132
134
  it 'should support expose multiple header configuration' do
133
135
  successful_cors_request '/expose_multiple_headers'
134
- last_response.headers['Access-Control-Expose-Headers'].must_equal 'expose-test-1, expose-test-2'
136
+ _(last_response.headers['Access-Control-Expose-Headers']).must_equal 'expose-test-1, expose-test-2'
135
137
  end
136
138
 
137
139
  # Explanation: http://www.fastly.com/blog/best-practices-for-using-the-vary-header/
138
140
  it "should add Vary header if resource matches even if Origin header isn't present" do
139
141
  get '/'
140
- last_response.wont_render_cors_success
141
- last_response.headers['Vary'].must_equal 'Origin'
142
+ _(last_response).wont_render_cors_success
143
+ _(last_response.headers['Vary']).must_equal 'Origin'
142
144
  end
143
145
 
144
- it "should add Vary header based on :vary option" do
146
+ it 'should add Vary header based on :vary option' do
145
147
  successful_cors_request '/vary_test'
146
- last_response.headers['Vary'].must_equal 'Origin, Host'
148
+ _(last_response.headers['Vary']).must_equal 'Origin, Host'
147
149
  end
148
150
 
149
- it "decode URL and resolve paths before resource matching" do
151
+ it 'decode URL and resolve paths before resource matching' do
150
152
  header 'Origin', 'http://localhost:3000'
151
153
  get '/public/a/..%2F..%2Fprivate/stuff'
152
- last_response.wont_render_cors_success
154
+ _(last_response).wont_render_cors_success
153
155
  end
154
156
 
155
- describe 'with array of upstream Vary headers' do
157
+ describe 'with upstream Vary headers' do
156
158
  let(:app) { load_app('test', { proxy: true }) }
157
159
 
158
160
  it 'should add to them' do
159
161
  successful_cors_request '/vary_test'
160
- last_response.headers['Vary'].must_equal 'Origin, User-Agent, Host'
162
+ _(last_response.headers['Vary']).must_equal 'Origin, User-Agent, Host'
161
163
  end
162
164
  end
163
165
 
164
166
  it 'should add Vary header if Access-Control-Allow-Origin header was added and if it is specific' do
165
- successful_cors_request '/', :origin => "http://192.168.0.3:8080"
166
- last_response.headers['Access-Control-Allow-Origin'].must_equal 'http://192.168.0.3:8080'
167
- last_response.headers['Vary'].wont_be_nil
167
+ successful_cors_request '/', origin: 'http://192.168.0.3:8080'
168
+ _(last_response.headers['Access-Control-Allow-Origin']).must_equal 'http://192.168.0.3:8080'
169
+ _(last_response.headers['Vary']).wont_be_nil
168
170
  end
169
171
 
170
172
  it 'should add Vary header even if Access-Control-Allow-Origin header was added and it is generic (*)' do
171
- successful_cors_request '/public_without_credentials', :origin => "http://192.168.1.3:8080"
172
- last_response.headers['Access-Control-Allow-Origin'].must_equal '*'
173
- last_response.headers['Vary'].must_equal 'Origin'
173
+ successful_cors_request '/public_without_credentials', origin: 'http://192.168.1.3:8080'
174
+ _(last_response.headers['Access-Control-Allow-Origin']).must_equal '*'
175
+ _(last_response.headers['Vary']).must_equal 'Origin'
174
176
  end
175
177
 
176
178
  it 'should support multi allow configurations for the same resource' do
177
- successful_cors_request '/multi-allow-config', :origin => "http://mucho-grande.com"
178
- last_response.headers['Access-Control-Allow-Origin'].must_equal 'http://mucho-grande.com'
179
- last_response.headers['Vary'].must_equal 'Origin'
179
+ successful_cors_request '/multi-allow-config', origin: 'http://mucho-grande.com'
180
+ _(last_response.headers['Access-Control-Allow-Origin']).must_equal 'http://mucho-grande.com'
181
+ _(last_response.headers['Vary']).must_equal 'Origin'
180
182
 
181
- successful_cors_request '/multi-allow-config', :origin => "http://192.168.1.3:8080"
182
- last_response.headers['Access-Control-Allow-Origin'].must_equal '*'
183
- last_response.headers['Vary'].must_equal 'Origin'
183
+ successful_cors_request '/multi-allow-config', origin: 'http://192.168.1.3:8080'
184
+ _(last_response.headers['Access-Control-Allow-Origin']).must_equal '*'
185
+ _(last_response.headers['Vary']).must_equal 'Origin'
184
186
  end
185
187
 
186
- it "should not return CORS headers on OPTIONS request if Access-Control-Allow-Origin is not present" do
188
+ it 'should not return CORS headers on OPTIONS request if Access-Control-Allow-Origin is not present' do
187
189
  options '/get-only'
188
- last_response.headers['Access-Control-Allow-Origin'].must_be_nil
190
+ _(last_response.headers['Access-Control-Allow-Origin']).must_be_nil
189
191
  end
190
192
 
191
- it "should not apply CORS headers if it does not match conditional on resource" do
193
+ it 'should not apply CORS headers if it does not match conditional on resource' do
192
194
  header 'Origin', 'http://192.168.0.1:1234'
193
195
  get '/conditional'
194
- last_response.wont_render_cors_success
196
+ _(last_response).wont_render_cors_success
195
197
  end
196
198
 
197
- it "should apply CORS headers if it does match conditional on resource" do
199
+ it 'should apply CORS headers if it does match conditional on resource' do
198
200
  header 'X-OK', '1'
199
- successful_cors_request '/conditional', :origin => 'http://192.168.0.1:1234'
201
+ successful_cors_request '/conditional', origin: 'http://192.168.0.1:1234'
200
202
  end
201
203
 
202
- it "should not allow everything if Origin is configured as blank string" do
203
- cors_request '/blank-origin', origin: "http://example.net"
204
- last_response.wont_render_cors_success
204
+ it 'should not allow everything if Origin is configured as blank string' do
205
+ cors_request '/blank-origin', origin: 'http://example.net'
206
+ _(last_response).wont_render_cors_success
205
207
  end
206
208
 
207
- it "should not allow credentials for public resources" do
209
+ it 'should not allow credentials for public resources' do
208
210
  successful_cors_request '/public'
209
- last_response.headers['Access-Control-Allow-Credentials'].must_be_nil
211
+ _(last_response.headers['Access-Control-Allow-Credentials']).must_be_nil
210
212
  end
211
213
 
212
214
  describe 'logging' do
@@ -217,7 +219,7 @@ describe Rack::Cors do
217
219
  logger = mock
218
220
  logger.expects(:debug).never
219
221
 
220
- cors = Rack::Cors.new(app, :debug => false, :logger => logger) {}
222
+ cors = Rack::Cors.new(app, debug: false, logger: logger) {}
221
223
  cors.send(:debug, {}, 'testing')
222
224
  end
223
225
 
@@ -228,7 +230,7 @@ describe Rack::Cors do
228
230
  logger = mock
229
231
  logger.expects(:debug)
230
232
 
231
- cors = Rack::Cors.new(app, :debug => true, :logger => logger) {}
233
+ cors = Rack::Cors.new(app, debug: true, logger: logger) {}
232
234
  cors.send(:debug, {}, 'testing')
233
235
  end
234
236
 
@@ -239,8 +241,8 @@ describe Rack::Cors do
239
241
  logger = mock
240
242
  logger.expects(:debug).at_least_once
241
243
 
242
- cors = Rack::Cors.new(app, :debug => true) {}
243
- cors.call({'rack.logger' => logger, 'HTTP_ORIGIN' => 'test.com'})
244
+ cors = Rack::Cors.new(app, debug: true) {}
245
+ cors.call({ 'rack.logger' => logger, 'HTTP_ORIGIN' => 'test.com' })
244
246
  end
245
247
 
246
248
  it 'should use logger proc' do
@@ -250,8 +252,8 @@ describe Rack::Cors do
250
252
  logger = mock
251
253
  logger.expects(:debug)
252
254
 
253
- cors = Rack::Cors.new(app, :debug => true, :logger => proc { logger }) {}
254
- cors.call({'HTTP_ORIGIN' => 'test.com'})
255
+ cors = Rack::Cors.new(app, debug: true, logger: proc { logger }) {}
256
+ cors.call({ 'HTTP_ORIGIN' => 'test.com' })
255
257
  end
256
258
 
257
259
  describe 'with Rails setup' do
@@ -266,10 +268,10 @@ describe Rack::Cors do
266
268
  logger = mock
267
269
  logger.expects(:debug)
268
270
 
269
- ::Rails = OpenStruct.new(:logger => logger)
271
+ ::Rails = OpenStruct.new(logger: logger)
270
272
 
271
- cors = Rack::Cors.new(app, :debug => true) {}
272
- cors.call({'HTTP_ORIGIN' => 'test.com'})
273
+ cors = Rack::Cors.new(app, debug: true) {}
274
+ cors.call({ 'HTTP_ORIGIN' => 'test.com' })
273
275
  end
274
276
  end
275
277
 
@@ -282,97 +284,102 @@ describe Rack::Cors do
282
284
  logger.expects(:tap).returns(logger)
283
285
  logger.expects(:debug)
284
286
 
285
- cors = Rack::Cors.new(app, :debug => true) {}
286
- cors.call({'HTTP_ORIGIN' => 'test.com'})
287
+ cors = Rack::Cors.new(app, debug: true) {}
288
+ cors.call({ 'HTTP_ORIGIN' => 'test.com' })
287
289
  end
288
290
  end
289
291
 
290
292
  describe 'preflight requests' do
291
293
  it 'should fail if origin is invalid' do
292
294
  preflight_request('http://allyourdataarebelongtous.com', '/')
293
- last_response.wont_render_cors_success
294
- cors_result.wont_be :hit
295
- cors_result.must_be :preflight
295
+ _(last_response).wont_render_cors_success
296
+ _(cors_result).wont_be :hit
297
+ _(cors_result).must_be :preflight
296
298
  end
297
299
 
298
300
  it 'should fail if Access-Control-Request-Method is not allowed' do
299
- preflight_request('http://localhost:3000', '/get-only', :method => :post)
300
- last_response.wont_render_cors_success
301
- cors_result.miss_reason.must_equal Rack::Cors::Result::MISS_DENY_METHOD
302
- cors_result.wont_be :hit
303
- cors_result.must_be :preflight
301
+ preflight_request('http://localhost:3000', '/get-only', method: :post)
302
+ _(last_response).wont_render_cors_success
303
+ _(cors_result.miss_reason).must_equal Rack::Cors::Result::MISS_DENY_METHOD
304
+ _(cors_result).wont_be :hit
305
+ _(cors_result).must_be :preflight
304
306
  end
305
307
 
306
308
  it 'should fail if header is not allowed' do
307
- preflight_request('http://localhost:3000', '/single_header', :headers => 'Fooey')
308
- last_response.wont_render_cors_success
309
- cors_result.miss_reason.must_equal Rack::Cors::Result::MISS_DENY_HEADER
310
- cors_result.wont_be :hit
311
- cors_result.must_be :preflight
309
+ preflight_request('http://localhost:3000', '/single_header', headers: 'Fooey')
310
+ _(last_response).wont_render_cors_success
311
+ _(cors_result.miss_reason).must_equal Rack::Cors::Result::MISS_DENY_HEADER
312
+ _(cors_result).wont_be :hit
313
+ _(cors_result).must_be :preflight
312
314
  end
313
315
 
314
316
  it 'should allow any header if headers = :any' do
315
- preflight_request('http://localhost:3000', '/', :headers => 'Fooey')
316
- last_response.must_render_cors_success
317
+ preflight_request('http://localhost:3000', '/', headers: 'Fooey')
318
+ _(last_response).must_render_cors_success
317
319
  end
318
320
 
319
321
  it 'should allow any method if methods = :any' do
320
- preflight_request('http://localhost:3000', '/', :methods => :any)
321
- last_response.must_render_cors_success
322
+ preflight_request('http://localhost:3000', '/', methods: :any)
323
+ _(last_response).must_render_cors_success
322
324
  end
323
325
 
324
326
  it 'allows PATCH method' do
325
- preflight_request('http://localhost:3000', '/', :methods => [ :patch ])
326
- last_response.must_render_cors_success
327
+ preflight_request('http://localhost:3000', '/', methods: [:patch])
328
+ _(last_response).must_render_cors_success
327
329
  end
328
330
 
329
331
  it 'should allow header case insensitive match' do
330
- preflight_request('http://localhost:3000', '/single_header', :headers => 'X-Domain-Token')
331
- last_response.must_render_cors_success
332
+ preflight_request('http://localhost:3000', '/single_header', headers: 'X-Domain-Token')
333
+ _(last_response).must_render_cors_success
332
334
  end
333
335
 
334
336
  it 'should allow multiple headers match' do
335
337
  # Webkit style
336
- preflight_request('http://localhost:3000', '/two_headers', :headers => 'X-Requested-With, X-Domain-Token')
337
- last_response.must_render_cors_success
338
+ preflight_request('http://localhost:3000', '/two_headers', headers: 'X-Requested-With, X-Domain-Token')
339
+ _(last_response).must_render_cors_success
338
340
 
339
341
  # Gecko style
340
- preflight_request('http://localhost:3000', '/two_headers', :headers => 'x-requested-with,x-domain-token')
341
- last_response.must_render_cors_success
342
+ preflight_request('http://localhost:3000', '/two_headers', headers: 'x-requested-with,x-domain-token')
343
+ _(last_response).must_render_cors_success
342
344
  end
343
345
 
344
346
  it "should allow '*' origins to allow any origin" do
345
347
  preflight_request('http://locohost:3000', '/public')
346
- last_response.must_render_cors_success
347
- last_response.headers['Access-Control-Allow-Origin'].must_equal '*'
348
+ _(last_response).must_render_cors_success
349
+ _(last_response.headers['Access-Control-Allow-Origin']).must_equal '*'
348
350
  end
349
351
 
350
352
  it "should allow '/<path>/' resource if match pattern is /<path>/*" do
351
353
  preflight_request('http://localhost:3000', '/wildcard/')
352
- last_response.must_render_cors_success
353
- last_response.headers['Access-Control-Allow-Origin'].wont_equal nil
354
+ _(last_response).must_render_cors_success
355
+ _(last_response.headers['Access-Control-Allow-Origin']).wont_equal nil
354
356
  end
355
357
 
356
358
  it "should allow '/<path>' resource if match pattern is /<path>/*" do
357
359
  preflight_request('http://localhost:3000', '/wildcard')
358
- last_response.must_render_cors_success
359
- last_response.headers['Access-Control-Allow-Origin'].wont_equal nil
360
+ _(last_response).must_render_cors_success
361
+ _(last_response.headers['Access-Control-Allow-Origin']).wont_equal nil
360
362
  end
361
363
 
362
364
  it "should allow '*' origin to allow any origin, and set '*' if no credentials required" do
363
365
  preflight_request('http://locohost:3000', '/public_without_credentials')
364
- last_response.must_render_cors_success
365
- last_response.headers['Access-Control-Allow-Origin'].must_equal '*'
366
+ _(last_response).must_render_cors_success
367
+ _(last_response.headers['Access-Control-Allow-Origin']).must_equal '*'
366
368
  end
367
369
 
368
370
  it 'should return "file://" as header with "file://" as origin' do
369
371
  preflight_request('file://', '/')
370
- last_response.must_render_cors_success
371
- last_response.headers['Access-Control-Allow-Origin'].must_equal 'file://'
372
+ _(last_response).must_render_cors_success
373
+ _(last_response.headers['Access-Control-Allow-Origin']).must_equal 'file://'
372
374
  end
373
375
 
374
- describe '' do
376
+ it 'supports custom protocols in origin' do
377
+ preflight_request('custom-protocol://abcdefg', '/')
378
+ _(last_response).must_render_cors_success
379
+ _(last_response.headers['Access-Control-Allow-Origin']).must_equal 'custom-protocol://abcdefg'
380
+ end
375
381
 
382
+ describe '' do
376
383
  let(:app) do
377
384
  test = self
378
385
  Rack::Builder.new do
@@ -380,36 +387,36 @@ describe Rack::Cors do
380
387
  use Rack::Cors, debug: true, logger: Logger.new(StringIO.new) do
381
388
  allow do
382
389
  origins '*'
383
- resource '/', :methods => :post
390
+ resource '/', methods: :post
384
391
  end
385
392
  end
386
393
  map('/') do
387
- run ->(env) { [500, {}, ['FAIL!']] }
394
+ run ->(_env) { [500, {}, ['FAIL!']] }
388
395
  end
389
396
  end
390
397
  end
391
398
 
392
- it "should not send failed preflight requests thru the app" do
393
- preflight_request('http://localhost', '/', :method => :unsupported)
394
- last_response.wont_render_cors_success
395
- last_response.status.must_equal 200
396
- cors_result.must_be :preflight
397
- cors_result.wont_be :hit
398
- cors_result.miss_reason.must_equal Rack::Cors::Result::MISS_DENY_METHOD
399
+ it 'should not send failed preflight requests thru the app' do
400
+ preflight_request('http://localhost', '/', method: :unsupported)
401
+ _(last_response).wont_render_cors_success
402
+ _(last_response.status).must_equal 200
403
+ _(cors_result).must_be :preflight
404
+ _(cors_result).wont_be :hit
405
+ _(cors_result.miss_reason).must_equal Rack::Cors::Result::MISS_DENY_METHOD
399
406
  end
400
407
  end
401
408
  end
402
409
 
403
- describe "with insecure configuration" do
410
+ describe 'with insecure configuration' do
404
411
  let(:app) { load_app('insecure') }
405
412
 
406
- it "should raise an error" do
407
- proc { cors_request '/public' }.must_raise Rack::Cors::Resource::CorsMisconfigurationError
413
+ it 'should raise an error' do
414
+ _(proc { cors_request '/public' }).must_raise Rack::Cors::Resource::CorsMisconfigurationError
408
415
  end
409
416
  end
410
417
 
411
- describe "with non HTTP config" do
412
- let(:app) { load_app("non_http") }
418
+ describe 'with non HTTP config' do
419
+ let(:app) { load_app('non_http') }
413
420
 
414
421
  it 'should support non http/https origins' do
415
422
  successful_cors_request '/public', origin: 'content://com.company.app'
@@ -421,13 +428,13 @@ describe Rack::Cors do
421
428
  @app ||= Rack::Builder.new do
422
429
  use Rack::Cors
423
430
  use Rack::Lint
424
- run ->(env) { [200, {'Content-Type' => 'text/html'}, ['hello']] }
431
+ run ->(_env) { [200, { 'content-type' => 'text/html' }, ['hello']] }
425
432
  end
426
433
  end
427
434
 
428
435
  it 'is lint-compliant with non-CORS request' do
429
436
  get '/'
430
- last_response.status.must_equal 200
437
+ _(last_response.status).must_equal 200
431
438
  end
432
439
  end
433
440
 
@@ -441,19 +448,19 @@ describe Rack::Cors do
441
448
  end
442
449
  end
443
450
  map('/') do
444
- run ->(env) { [200, {'Access-Control-Allow-Origin' => 'http://foo.net'}, ['success']] }
451
+ run ->(_env) { [200, { 'Access-Control-Allow-Origin' => 'http://foo.net' }, ['success']] }
445
452
  end
446
453
  end
447
454
  end
448
455
 
449
- it "should return app header" do
450
- successful_cors_request origin: "http://example.net"
451
- last_response.headers['Access-Control-Allow-Origin'].must_equal "http://foo.net"
456
+ it 'should return app header' do
457
+ successful_cors_request origin: 'http://example.net'
458
+ _(last_response.headers['Access-Control-Allow-Origin']).must_equal 'http://foo.net'
452
459
  end
453
460
 
454
- it "should return original headers if in debug" do
455
- successful_cors_request origin: "http://example.net"
456
- last_response.headers['X-Rack-CORS-Original-Access-Control-Allow-Origin'].must_equal "*"
461
+ it 'should return original headers if in debug' do
462
+ successful_cors_request origin: 'http://example.net'
463
+ _(last_response.headers['X-Rack-CORS-Original-Access-Control-Allow-Origin']).must_equal '*'
457
464
  end
458
465
  end
459
466
 
@@ -467,14 +474,14 @@ describe Rack::Cors do
467
474
  end
468
475
  end
469
476
  map('/') do
470
- run ->(env) { [200, {'Content-Type' => 'text/html'}, ['hello']] }
477
+ run ->(_env) { [200, { 'content-type' => 'text/html' }, ['hello']] }
471
478
  end
472
479
  end
473
480
  end
474
481
 
475
482
  it 'should succeed with CORS simple headers' do
476
- preflight_request('http://localhost:3000', '/', :headers => 'Accept')
477
- last_response.must_render_cors_success
483
+ preflight_request('http://localhost:3000', '/', headers: 'Accept')
484
+ _(last_response).must_render_cors_success
478
485
  end
479
486
  end
480
487
 
@@ -488,47 +495,46 @@ describe Rack::Cors do
488
495
  end
489
496
  end
490
497
  map('/') do
491
- run ->(env) { [200, {'Content-Type' => 'text/html'}, ['hello']] }
498
+ run ->(_env) { [200, { 'content-type' => 'text/html' }, ['hello']] }
492
499
  end
493
500
  end
494
501
  end
495
502
 
496
503
  it 'should succeed with CORS simple headers' do
497
- preflight_request('http://localhost:3000', '/', :headers => 'Accept')
498
- last_response.must_render_cors_success
499
- preflight_request('http://localhost:3000', '/', :headers => 'Accept-Language')
500
- last_response.must_render_cors_success
501
- preflight_request('http://localhost:3000', '/', :headers => 'Content-Type')
502
- last_response.must_render_cors_success
503
- preflight_request('http://localhost:3000', '/', :headers => 'Content-Language')
504
- last_response.must_render_cors_success
504
+ preflight_request('http://localhost:3000', '/', headers: 'Accept')
505
+ _(last_response).must_render_cors_success
506
+ preflight_request('http://localhost:3000', '/', headers: 'Accept-Language')
507
+ _(last_response).must_render_cors_success
508
+ preflight_request('http://localhost:3000', '/', headers: 'Content-Type')
509
+ _(last_response).must_render_cors_success
510
+ preflight_request('http://localhost:3000', '/', headers: 'Content-Language')
511
+ _(last_response).must_render_cors_success
505
512
  end
506
513
  end
507
514
 
508
515
  protected
509
- def cors_request(*args)
510
- path = args.first.is_a?(String) ? args.first : '/'
511
516
 
512
- opts = { :method => :get, :origin => 'http://localhost:3000' }
513
- opts.merge! args.last if args.last.is_a?(Hash)
517
+ def cors_request(*args)
518
+ path = args.first.is_a?(String) ? args.first : '/'
514
519
 
515
- header 'Origin', opts[:origin]
516
- current_session.__send__ opts[:method], path, {}, test: self
517
- end
520
+ opts = { method: :get, origin: 'http://localhost:3000' }
521
+ opts.merge! args.last if args.last.is_a?(Hash)
518
522
 
519
- def successful_cors_request(*args)
520
- cors_request(*args)
521
- last_response.must_render_cors_success
522
- end
523
+ header 'origin', opts[:origin]
524
+ current_session.__send__ opts[:method], path, {}, test: self
525
+ end
523
526
 
524
- def preflight_request(origin, path, opts = {})
525
- header 'Origin', origin
526
- unless opts.key?(:method) && opts[:method].nil?
527
- header 'Access-Control-Request-Method', opts[:method] ? opts[:method].to_s.upcase : 'GET'
528
- end
529
- if opts[:headers]
530
- header 'Access-Control-Request-Headers', opts[:headers]
531
- end
532
- options path
527
+ def successful_cors_request(*args)
528
+ cors_request(*args)
529
+ _(last_response).must_render_cors_success
530
+ end
531
+
532
+ def preflight_request(origin, path, opts = {})
533
+ header 'Origin', origin
534
+ unless opts.key?(:method) && opts[:method].nil?
535
+ header 'Access-Control-Request-Method', opts[:method] ? opts[:method].to_s.upcase : 'GET'
533
536
  end
537
+ header 'Access-Control-Request-Headers', opts[:headers] if opts[:headers]
538
+ options path
539
+ end
534
540
  end