RubyGems - rack-cors - Versions diffs - 2.0.0.rc1 → 2.0.1 - Mend

rack-cors 2.0.0.rc1 → 2.0.1

Potentially problematic release.

This version of rack-cors might be problematic. Click here for more details.

Files changed (11) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c4c9bf1e801f0bb5f4c5abb111fbe9a0dcfbd1bcf0da1b2070fb1575de5bcdd7
-  data.tar.gz: 9a78208ad501ffa452ac0721eeb29ccf5fc00ad392bfe2be06c8d0c6a4a1c5c0
+  metadata.gz: f47b5b2ba34721795ddb1c65e70e989134655e7f47116dd977edee702a79f41f
+  data.tar.gz: 7c03dc701b00b7418ab4d733872fccc3522392f0f85014b8ca25045767d866a9
 SHA512:
-  metadata.gz: ef9c38f1c3f6c13609afcded7d3bd0c40e22e6a098fe7f565d5d6351c1ed0e3f199752912163bd1963005b3ed4d5ae20216b6f8c94736b5f941d9e038e089829
-  data.tar.gz: 633bf8887b580a52cd0f50359d8febffd609190cbb5084ae5e02233126c14a70d019bdfd2feddba7cf078cf5d820e86856ad867fcbc1ce90bd3ecb9c75b08f64
+  metadata.gz: d5a94b8f282fd5367e125f4b49e18ce5fb1c07581d89b2d50dc8cf4eb70e8404d97c78a6ccaf90f1e41f0f220bb09ff9dd07a4677559935cc35256674e6c512d
+  data.tar.gz: bee187e2dc53281d8b454df32b6a8fd50e05b66de4f25649d74f176abf29d52eb4cee5a2b2e602e087c5f5805b6dd55ab86a9e0692d3d82c5538e0c30e3c020b

data/.github/workflows/ci.yaml ADDED Viewed

@@ -0,0 +1,39 @@
+name: ci
+on:
+  - push
+  - pull_request
+jobs:
+  test:
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby:
+          - "2.3"
+          - "2.4"
+          - "2.5"
+          - "2.6"
+          - "2.7"
+          - "3.0"
+          - "3.1"
+          - "3.2"
+          - truffleruby-head
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+      - run: bundle exec rake test
+  rubocop:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 3.2.1
+          bundler-cache: true
+      - run: bundle exec rubocop

data/.rubocop.yml CHANGED Viewed

@@ -1,8 +1,8 @@
 ---
 AllCops:
   Exclude:
-    - 'examples/**/*'
+    - "examples/**/*"
+    - "vendor/**/*"
 # Disables
 Layout/LineLength:

data/CHANGELOG.md CHANGED Viewed

@@ -1,11 +1,16 @@
 # Change Log
 All notable changes to this project will be documented in this file.
-## 2.0.0 - 2022-09-11
+## 2.0.1 - 2023-02-17
+### Changed
+- Use Rack::Utils::HeaderHash when Rack 2.x is detected
+## 2.0.0 - 2023-02-14
 ### Changed
 - Refactored codebase
 - Support declaring custom protocols in origin
 - Lowercased header names as defined by Rack spec
+- Fix issue with duplicate headers because of header name case
 ## 1.1.1 - 2019-12-29
 ### Changed

data/README.md CHANGED Viewed

@@ -1,8 +1,8 @@
-# Rack CORS Middleware [![Build Status](https://travis-ci.org/cyu/rack-cors.svg?branch=master)](https://travis-ci.org/cyu/rack-cors)
+# Rack CORS Middleware [![Build Status](https://github.com/cyu/rack-cors/actions/workflows/ci.yaml/badge.svg)](https://github.com/cyu/rack-cors/actions)
 `Rack::Cors` provides support for Cross-Origin Resource Sharing (CORS) for Rack compatible web applications.
-The [CORS spec](http://www.w3.org/TR/cors/) allows web applications to make cross domain AJAX calls without using workarounds such as JSONP. See [Cross-domain Ajax with Cross-Origin Resource Sharing](http://www.nczonline.net/blog/2010/05/25/cross-domain-ajax-with-cross-origin-resource-sharing/)
+The [CORS spec](http://www.w3.org/TR/cors/) allows web applications to make cross domain AJAX calls without using workarounds such as JSONP. See [further explanations on MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS)
 ## Installation
@@ -33,6 +33,8 @@ Rails.application.config.middleware.insert_before 0, Rack::Cors do
 end
 ```
+NOTE: If you create application with `--api` option, configuration automatically generate in `config/initializers/cors.rb`.
 We use `insert_before` to make sure `Rack::Cors` runs at the beginning of the stack to make sure it isn't interfered with by other middleware (see `Rack::Cache` note in **Common Gotchas** section). Basic setup examples for Rails 5 & Rails 6 can be found in the examples/ directory.
 See The [Rails Guide to Rack](http://guides.rubyonrails.org/rails_on_rack.html) for more details on rack middlewares or watch the [railscast](http://railscasts.com/episodes/151-rack-middleware).
@@ -147,3 +149,12 @@ RAILS_ENV=production bundle exec rake middleware
 If you trying to serve CORS headers on static assets (like CSS, JS, Font files), keep in mind that static files are usually served directly from web servers and never runs through the Rails container (including the middleware stack where `Rack::Cors` resides).
 In Heroku, you can serve static assets through the Rails container by setting `config.serve_static_assets = true` in `production.rb`.
+### Custom Protocols (chrome-extension://, ionic://, etc.)
+Prior to 2.0.0, `http://`, `https://`, and `file://` are the only protocols supported in the `origins` list. If you wish to specify an origin that
+has a custom protocol (`chrome-extension://`, `ionic://`, etc.) simply exclude the protocol. [See issue.](https://github.com/cyu/rack-cors/issues/100)
+For example, instead of specifying `chrome-extension://aomjjhallfgjeglblehebfpbcfeobpga` specify `aomjjhallfgjeglblehebfpbcfeobpga` in `origins`.
+As of 2.0.0 (currently in RC1), you can specify origins with a custom protocol.

data/lib/rack/cors/resource.rb CHANGED Viewed

@@ -66,7 +66,7 @@ module Rack
           'access-control-max-age' => max_age.to_s
         }
         h['access-control-allow-credentials'] = 'true' if credentials
-        h
+        header_proc.call(h)
       end
       protected
@@ -83,7 +83,7 @@ module Rack
       def to_preflight_headers(env)
         h = to_headers(env)
-        h.merge!('Access-Control-Allow-Headers' => env[Rack::Cors::HTTP_ACCESS_CONTROL_REQUEST_HEADERS]) if env[Rack::Cors::HTTP_ACCESS_CONTROL_REQUEST_HEADERS]
+        h.merge!('access-control-allow-headers' => env[Rack::Cors::HTTP_ACCESS_CONTROL_REQUEST_HEADERS]) if env[Rack::Cors::HTTP_ACCESS_CONTROL_REQUEST_HEADERS]
         h
       end
@@ -127,6 +127,16 @@ module Rack
           raise TypeError, path
         end
       end
+      def header_proc
+        @header_proc ||= begin
+          if defined?(Rack::Headers)
+            ->(h) { h }
+          else
+            ->(h) { Rack::Utils::HeaderHash.new(h) }
+          end
+        end
+      end
     end
   end
 end

data/lib/rack/cors/version.rb CHANGED Viewed

@@ -2,6 +2,6 @@
 module Rack
   class Cors
-    VERSION = '2.0.0.rc1'
+    VERSION = '2.0.1'
   end
 end

data/rack-cors.gemspec CHANGED Viewed

@@ -24,7 +24,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'minitest', '~> 5.11.0'
   spec.add_development_dependency 'mocha', '~> 1.6.0'
   spec.add_development_dependency 'pry', '~> 0.12'
-  spec.add_development_dependency 'rack-test', '~> 1.1.0'
+  spec.add_development_dependency 'rack-test', '>= 1.1.0'
   spec.add_development_dependency 'rake', '~> 12.3.0'
   spec.add_development_dependency 'rubocop', '~> 0.80.1'
 end

data/test/unit/cors_test.rb CHANGED Viewed

@@ -70,7 +70,7 @@ describe Rack::Cors do
       use FakeProxy if options[:proxy]
       map('/') do
         run(lambda do |_env|
-          [200, { 'Content-Type' => 'text/html' }, ['success']]
+          [200, { 'content-type' => 'text/html' }, ['success']]
         end)
       end
     end
@@ -428,7 +428,7 @@ describe Rack::Cors do
       @app ||= Rack::Builder.new do
         use Rack::Cors
         use Rack::Lint
-        run ->(_env) { [200, { 'Content-Type' => 'text/html' }, ['hello']] }
+        run ->(_env) { [200, { 'content-type' => 'text/html' }, ['hello']] }
       end
     end
@@ -474,7 +474,7 @@ describe Rack::Cors do
           end
         end
         map('/') do
-          run ->(_env) { [200, { 'Content-Type' => 'text/html' }, ['hello']] }
+          run ->(_env) { [200, { 'content-type' => 'text/html' }, ['hello']] }
         end
       end
     end
@@ -495,7 +495,7 @@ describe Rack::Cors do
           end
         end
         map('/') do
-          run ->(_env) { [200, { 'Content-Type' => 'text/html' }, ['hello']] }
+          run ->(_env) { [200, { 'content-type' => 'text/html' }, ['hello']] }
         end
       end
     end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-cors
 version: !ruby/object:Gem::Version
-  version: 2.0.0.rc1
+  version: 2.0.1
 platform: ruby
 authors:
 - Calvin Yu
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-09-11 00:00:00.000000000 Z
+date: 2023-03-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -90,14 +90,14 @@ dependencies:
   name: rack-test
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.1.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.1.0
 - !ruby/object:Gem::Dependency
@@ -136,8 +136,8 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/ci.yaml"
 - ".rubocop.yml"
-- ".travis.yml"
 - CHANGELOG.md
 - Gemfile
 - LICENSE.txt
@@ -177,11 +177,11 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
-rubygems_version: 3.3.10
+rubygems_version: 3.3.26
 signing_key:
 specification_version: 4
 summary: Middleware for enabling Cross-Origin Resource Sharing in Rack apps

data/.travis.yml DELETED Viewed

@@ -1,13 +0,0 @@
-language: ruby
-sudo: false
-rvm:
-  - 2.3
-  - 2.4
-  - 2.5
-  - 2.6
-  - 2.7
-  - truffleruby-head
-script:
-  - bundle exec rubocop
-  - bundle exec rake test