rack-cors 1.1.1 → 2.0.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +15 -0
- data/README.md +54 -35
- data/lib/rack/cors/resource.rb +142 -0
- data/lib/rack/cors/resources/cors_misconfiguration_error.rb +14 -0
- data/lib/rack/cors/resources.rb +62 -0
- data/lib/rack/cors/result.rb +63 -0
- data/lib/rack/cors/version.rb +3 -1
- data/lib/rack/cors.rb +101 -354
- metadata +50 -44
- data/.travis.yml +0 -8
- data/Gemfile +0 -6
- data/Rakefile +0 -21
- data/rack-cors.gemspec +0 -27
- data/test/cors/expect.js +0 -1286
- data/test/cors/mocha.css +0 -250
- data/test/cors/mocha.js +0 -5373
- data/test/cors/runner.html +0 -20
- data/test/cors/test.cors.coffee +0 -47
- data/test/cors/test.cors.js +0 -75
- data/test/unit/cors_test.rb +0 -534
- data/test/unit/dsl_test.rb +0 -69
- data/test/unit/insecure.ru +0 -8
- data/test/unit/non_http.ru +0 -8
- data/test/unit/test.ru +0 -63
data/test/unit/dsl_test.rb
DELETED
@@ -1,69 +0,0 @@
|
|
1
|
-
require 'rubygems'
|
2
|
-
require 'minitest/autorun'
|
3
|
-
require 'rack/cors'
|
4
|
-
|
5
|
-
|
6
|
-
describe Rack::Cors, 'DSL' do
|
7
|
-
it 'should support explicit config object dsl mode' do
|
8
|
-
cors = Rack::Cors.new(Proc.new {}) do |cfg|
|
9
|
-
cfg.allow do |allow|
|
10
|
-
allow.origins 'localhost:3000', '127.0.0.1:3000' do |source,env|
|
11
|
-
source == "http://10.10.10.10:3000" &&
|
12
|
-
env["USER_AGENT"] == "test-agent"
|
13
|
-
end
|
14
|
-
allow.resource '/get-only', :methods => :get
|
15
|
-
allow.resource '/', :headers => :any
|
16
|
-
end
|
17
|
-
end
|
18
|
-
resources = cors.send :all_resources
|
19
|
-
|
20
|
-
resources.length.must_equal 1
|
21
|
-
resources.first.allow_origin?('http://localhost:3000').must_equal true
|
22
|
-
resources.first.allow_origin?('http://10.10.10.10:3000',{"USER_AGENT" => "test-agent" }).must_equal true
|
23
|
-
resources.first.allow_origin?('http://10.10.10.10:3001',{"USER_AGENT" => "test-agent" }).wont_equal true
|
24
|
-
resources.first.allow_origin?('http://10.10.10.10:3000',{"USER_AGENT" => "other-agent"}).wont_equal true
|
25
|
-
end
|
26
|
-
|
27
|
-
it 'should support implicit config object dsl mode' do
|
28
|
-
cors = Rack::Cors.new(Proc.new {}) do
|
29
|
-
allow do
|
30
|
-
origins 'localhost:3000', '127.0.0.1:3000' do |source,env|
|
31
|
-
source == "http://10.10.10.10:3000" &&
|
32
|
-
env["USER_AGENT"] == "test-agent"
|
33
|
-
end
|
34
|
-
resource '/get-only', :methods => :get
|
35
|
-
resource '/', :headers => :any
|
36
|
-
end
|
37
|
-
end
|
38
|
-
resources = cors.send :all_resources
|
39
|
-
|
40
|
-
resources.length.must_equal 1
|
41
|
-
resources.first.allow_origin?('http://localhost:3000').must_equal true
|
42
|
-
resources.first.allow_origin?('http://10.10.10.10:3000',{"USER_AGENT" => "test-agent" }).must_equal true
|
43
|
-
resources.first.allow_origin?('http://10.10.10.10:3001',{"USER_AGENT" => "test-agent" }).wont_equal true
|
44
|
-
resources.first.allow_origin?('http://10.10.10.10:3000',{"USER_AGENT" => "other-agent"}).wont_equal true
|
45
|
-
end
|
46
|
-
|
47
|
-
it 'should support "file://" origin' do
|
48
|
-
cors = Rack::Cors.new(Proc.new {}) do
|
49
|
-
allow do
|
50
|
-
origins 'file://'
|
51
|
-
resource '/', :headers => :any
|
52
|
-
end
|
53
|
-
end
|
54
|
-
resources = cors.send :all_resources
|
55
|
-
|
56
|
-
resources.first.allow_origin?('file://').must_equal true
|
57
|
-
end
|
58
|
-
|
59
|
-
it 'should default credentials option to false' do
|
60
|
-
cors = Rack::Cors.new(Proc.new {}) do
|
61
|
-
allow do
|
62
|
-
origins 'example.net'
|
63
|
-
resource '/', :headers => :any
|
64
|
-
end
|
65
|
-
end
|
66
|
-
resources = cors.send :all_resources
|
67
|
-
resources.first.resources.first.credentials.must_equal false
|
68
|
-
end
|
69
|
-
end
|
data/test/unit/insecure.ru
DELETED
data/test/unit/non_http.ru
DELETED
data/test/unit/test.ru
DELETED
@@ -1,63 +0,0 @@
|
|
1
|
-
require 'rack/cors'
|
2
|
-
|
3
|
-
#use Rack::Cors, :debug => true, :logger => ::Logger.new(STDOUT) do
|
4
|
-
use Rack::Lint
|
5
|
-
use Rack::Cors do
|
6
|
-
allow do
|
7
|
-
origins 'localhost:3000',
|
8
|
-
'127.0.0.1:3000',
|
9
|
-
/http:\/\/192\.168\.0\.\d{1,3}(:\d+)?/,
|
10
|
-
'file://',
|
11
|
-
/http:\/\/(.*?)\.example\.com/
|
12
|
-
|
13
|
-
resource '/get-only', :methods => :get
|
14
|
-
resource '/', :headers => :any, :methods => :any
|
15
|
-
resource '/options', :methods => :options
|
16
|
-
resource '/single_header', :headers => 'x-domain-token'
|
17
|
-
resource '/two_headers', :headers => %w{x-domain-token x-requested-with}
|
18
|
-
resource '/expose_single_header', :expose => 'expose-test'
|
19
|
-
resource '/expose_multiple_headers', :expose => %w{expose-test-1 expose-test-2}
|
20
|
-
resource '/conditional', :methods => :get, :if => proc { |env| !!env['HTTP_X_OK'] }
|
21
|
-
resource '/vary_test', :methods => :get, :vary => %w{ Origin Host }
|
22
|
-
resource '/patch_test', :methods => :patch
|
23
|
-
resource '/wildcard/*', :methods => :any
|
24
|
-
# resource '/file/at/*',
|
25
|
-
# :methods => [:get, :post, :put, :delete],
|
26
|
-
# :headers => :any,
|
27
|
-
# :max_age => 0
|
28
|
-
end
|
29
|
-
|
30
|
-
allow do
|
31
|
-
origins do |source,env|
|
32
|
-
source.end_with?("10.10.10.10:3000")
|
33
|
-
end
|
34
|
-
resource '/proc-origin'
|
35
|
-
end
|
36
|
-
|
37
|
-
allow do
|
38
|
-
origins -> (source, env) { source.end_with?("10.10.10.10:3000") }
|
39
|
-
resource '/lambda-origin'
|
40
|
-
end
|
41
|
-
|
42
|
-
allow do
|
43
|
-
origins '*'
|
44
|
-
resource '/public'
|
45
|
-
resource '/public/*'
|
46
|
-
resource '/public_without_credentials', :credentials => false
|
47
|
-
end
|
48
|
-
|
49
|
-
allow do
|
50
|
-
origins 'mucho-grande.com'
|
51
|
-
resource '/multi-allow-config', :max_age => 600
|
52
|
-
end
|
53
|
-
|
54
|
-
allow do
|
55
|
-
origins '*'
|
56
|
-
resource '/multi-allow-config', :max_age => 300, :credentials => false
|
57
|
-
end
|
58
|
-
|
59
|
-
allow do
|
60
|
-
origins ''
|
61
|
-
resource '/blank-origin'
|
62
|
-
end
|
63
|
-
end
|