rack-cors 0.2.2 → 0.2.4

data/.gitignore

@@ -1 +1,2 @@
 pkg
+Gemfile.lock

data/README.rdoc

@@ -23,18 +23,22 @@ In your Gemfile:
 
 You configure Rack::Cors by passing a block to the <tt>use</tt> command:
 
-  use Rack::Cors do |cfg|
-    cfg.allow do |allow|
-      allow.origins 'localhost:3000', '127.0.0.1:3000'
-
-      allow.resource '/file/list_all/', :headers => 'x-domain-token'
-      allow.resource '/file/at/*',
+  use Rack::Cors do
+    allow do
+      origins 'localhost:3000', '127.0.0.1:3000',
+              /http:\/\/192\.168\.0\.\d{1,3}(:\d+)?/
+              # regular expressions can be used here
+
+      resource '/file/list_all/', :headers => 'x-domain-token'
+      resource '/file/at/*',
           :methods => [:get, :post, :put, :delete],
-          :headers => 'x-domain-token'
+          :headers => 'x-domain-token',
+          :expose => ['Some-Custom-Response-Header']
+          # headers to expose
     end
 
-    cfg.allow do |allow|
-      allow.origins '*'
-      allow.resource '/public/*', :headers => :any, :methods => :get
+    allow do
+      origins '*'
+      resource '/public/*', :headers => :any, :methods => :get
     end
   end

data/Rakefile

@@ -1,13 +1,30 @@
+require 'rake'
+require 'rake/testtask'
+
+desc 'Run tests'
+Rake::TestTask.new(:test) do |t|
+  t.pattern = 'test/*_test.rb'
+  t.verbose = true
+  t.warning = true
+end
+
+# ==================================================
+# JEWELER TASKS
+# ==================================================
 begin
   require 'jeweler'
   Jeweler::Tasks.new do |gemspec|
     gemspec.name = "rack-cors"
     gemspec.summary = "Middleware for enabling Cross-Origin Resource Sharing in Rack apps"
+    gemspec.description = "Middleware that will make Rack-based apps CORS compatible.  Read more here: http://blog.sourcebender.com/2010/06/09/introducin-rack-cors.html.  Fork the project here: http://github.com/cyu/rack-cors"
     gemspec.email = "csyu77@gmail.com"
     gemspec.homepage = "http://github.com/cyu/rack-cors"
     gemspec.authors = ["Calvin Yu"]
+    gemspec.add_dependency 'rack'
+    gemspec.files.exclude 'Gemfile'
   end
   Jeweler::GemcutterTasks.new
 rescue LoadError
   puts "Jeweler not available. Install it with: gem install jeweler"
 end
+

data/VERSION

@@ -1 +1 @@
-0.2.2
+0.2.4

data/lib/rack/cors.rb

@@ -2,18 +2,31 @@ require 'logger'
 
 module Rack
   class Cors
-    def initialize(app, opts={})
+    def initialize(app, opts={}, &block)
       @app = app
       @logger = opts[:logger]
-      yield self if block_given?
+
+      if block.arity == 1
+        block.call(self)
+      else
+        instance_eval(&block)
+      end
     end
 
-    def allow
+    def allow(&block)
       all_resources << (resources = Resources.new)
-      yield resources
+
+      if block.arity == 1
+        block.call(resources)
+      else
+        resources.instance_eval(&block)
+      end
     end
 
     def call(env)
+      env['HTTP_ORIGIN'] = 'file://' if env['HTTP_ORIGIN'] == 'null'
+      env['HTTP_ORIGIN'] ||= env['HTTP_X_ORIGIN']
+
       cors_headers = nil
       if env['HTTP_ORIGIN']
         debug(env) do
@@ -77,12 +90,9 @@ module Rack
         def origins(*args)
           @origins = args.flatten.collect do |n|
             case n
-            when /^https?:\/\// then n
-            when '*'
-              @public_resources = true
-              n
-            else
-              "http://#{n}"
+            when Regexp, /^https?:\/\// then n
+            when '*'                    then @public_resources = true; n
+            else                        "http://#{n}"
             end
           end
         end
@@ -96,7 +106,7 @@ module Rack
         end
 
         def allow_origin?(source)
-          public_resources? || @origins.include?(source)
+          public_resources? || !!@origins.detect {|origin| origin === source}
         end
 
         def find_resource(path)
@@ -105,7 +115,7 @@ module Rack
       end
 
       class Resource
-        attr_accessor :path, :methods, :headers, :max_age, :credentials, :pattern
+        attr_accessor :path, :methods, :headers, :expose, :max_age, :credentials, :pattern
 
         def initialize(public_resource, path, opts={})
           self.path        = path
@@ -121,6 +131,8 @@ module Rack
           else
             [opts[:headers]].flatten.collect{|h| h.downcase}
           end
+
+          self.expose = opts[:expose] ? [opts[:expose]].flatten : nil
         end
 
         def match?(path)
@@ -133,8 +145,10 @@ module Rack
         end
 
         def to_headers(env)
+          x_origin = env['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']
           h = { 'Access-Control-Allow-Origin' => public_resource? ? '*' : env['HTTP_ORIGIN'],
             'Access-Control-Allow-Methods'    => methods.collect{|m| m.to_s.upcase}.join(', '),
+            'Access-Control-Expose-Headers'   => expose.nil? ? '' : expose.join(', '),
             'Access-Control-Max-Age'          => max_age.to_s }
           h['Access-Control-Allow-Credentials'] = 'true' if credentials
           h

data/rack-cors.gemspec

@@ -5,11 +5,12 @@
 
 Gem::Specification.new do |s|
   s.name = %q{rack-cors}
-  s.version = "0.2.2"
+  s.version = "0.2.4"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Calvin Yu"]
-  s.date = %q{2010-08-26}
+  s.date = %q{2011-06-04}
+  s.description = %q{Middleware that will make Rack-based apps CORS compatible.  Read more here: http://blog.sourcebender.com/2010/06/09/introducin-rack-cors.html.  Fork the project here: http://github.com/cyu/rack-cors}
   s.email = %q{csyu77@gmail.com}
   s.extra_rdoc_files = [
     "README.rdoc"
@@ -22,6 +23,7 @@ Gem::Specification.new do |s|
      "lib/rack/cors.rb",
      "rack-cors.gemspec",
      "test/cors_test.rb",
+     "test/dsl_test.rb",
      "test/test.ru"
   ]
   s.homepage = %q{http://github.com/cyu/rack-cors}
@@ -30,7 +32,8 @@ Gem::Specification.new do |s|
   s.rubygems_version = %q{1.3.7}
   s.summary = %q{Middleware for enabling Cross-Origin Resource Sharing in Rack apps}
   s.test_files = [
-    "test/cors_test.rb"
+    "test/cors_test.rb",
+     "test/dsl_test.rb"
   ]
 
   if s.respond_to? :specification_version then
@@ -38,9 +41,12 @@ Gem::Specification.new do |s|
     s.specification_version = 3
 
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<rack>, [">= 0"])
     else
+      s.add_dependency(%q<rack>, [">= 0"])
     end
   else
+    s.add_dependency(%q<rack>, [">= 0"])
   end
 end
 

data/test/cors_test.rb

@@ -6,7 +6,7 @@ Rack::Test::Session.class_eval do
   def options(uri, params = {}, env = {}, &block)
     env = env_for(uri, env.merge(:method => "OPTIONS", :params => params))
     process_request(uri, env, &block)
-  end  
+  end
 end
 
 Rack::Test::Methods.class_eval do
@@ -20,61 +20,95 @@ class CorsTest < Test::Unit::TestCase
     eval "Rack::Builder.new {( " + File.read(File.dirname(__FILE__) + '/test.ru') + "\n )}"
   end
 
+  should('support simple cors request') { cors_request }
+
+  should 'support regex origins configuration' do
+    cors_request :origin => 'http://192.168.0.1:1234'
+  end
+
+  should 'support alternative X-Origin header' do
+    header 'X-Origin', 'http://localhost:3000'
+    get '/'
+    assert_cors_success
+  end
+
+  should 'support expose header configuration' do
+    cors_request '/expose_single_header'
+    assert_equal 'expose-test', last_response.headers['Access-Control-Expose-Headers']
+
+  end
+
+  should 'support expose multiple header configuration' do
+    cors_request '/expose_multiple_headers'
+    assert_equal 'expose-test-1, expose-test-2', last_response.headers['Access-Control-Expose-Headers']
+  end
+
   context 'preflight requests' do
     should 'fail if origin is invalid' do
       preflight_request('http://allyourdataarebelongtous.com', '/')
-      assert_preflight_failure
+      assert_cors_failure
     end
 
     should 'fail if Access-Control-Request-Method does not exist' do
       preflight_request('http://localhost:3000', '/', :method => nil)
-      assert_preflight_failure
+      assert_cors_failure
     end
 
     should 'fail if Access-Control-Request-Method is not allowed' do
       preflight_request('http://localhost:3000', '/get-only', :method => :post)
-      assert_preflight_failure
+      assert_cors_failure
     end
 
     should 'fail if header is not allowed' do
       preflight_request('http://localhost:3000', '/single_header', :headers => 'Fooey')
-      assert_preflight_failure
+      assert_cors_failure
     end
 
     should 'allow any header if headers = :any' do
       preflight_request('http://localhost:3000', '/', :headers => 'Fooey')
-      assert_preflight_success
+      assert_cors_success
     end
 
     should 'allow header case insensitive match' do
       preflight_request('http://localhost:3000', '/single_header', :headers => 'X-Domain-Token')
-      assert_preflight_success
+      assert_cors_success
     end
 
     should 'allow multiple headers match' do
       # Webkit style
       preflight_request('http://localhost:3000', '/two_headers', :headers => 'X-Requested-With, X-Domain-Token')
-      assert_preflight_success
+      assert_cors_success
 
       # Gecko style
       preflight_request('http://localhost:3000', '/two_headers', :headers => 'x-requested-with,x-domain-token')
-      assert_preflight_success
+      assert_cors_success
     end
 
     should '* origin should allow any origin' do
       preflight_request('http://locohost:3000', '/public')
-      assert_preflight_success
+      assert_cors_success
       assert_equal '*', last_response.headers['Access-Control-Allow-Origin']
     end
 
     should 'return a Content-Type' do
       preflight_request('http://localhost:3000', '/')
-      assert_preflight_success
+      assert_cors_success
       assert_not_nil last_response.headers['Content-Type']
     end
   end
 
   protected
+    def cors_request(*args)
+      path = args.first.is_a?(String) ? args.first : '/'
+
+      opts = args.last.is_a?(Hash) ? args.last : {:origin => 'http://localhost:3000'}
+      origin = opts[:origin]
+
+      header 'Origin', origin
+      get path
+      assert_cors_success
+    end
+
     def preflight_request(origin, path, opts = {})
       header 'Origin', origin
       unless opts.key?(:method) && opts[:method].nil?
@@ -86,11 +120,11 @@ class CorsTest < Test::Unit::TestCase
       options path
     end
 
-    def assert_preflight_success
-      assert_not_nil last_response.headers['Access-Control-Allow-Origin']
+    def assert_cors_success
+      assert_not_nil last_response.headers['Access-Control-Allow-Origin'], 'missing Access-Control-Allow-Origin header'
     end
 
-    def assert_preflight_failure
-      assert_nil last_response.headers['Access-Control-Allow-Origin']
+    def assert_cors_failure
+      assert_nil last_response.headers['Access-Control-Allow-Origin'], 'no expecting Access-Control-Allow-Origin header'
     end
 end

data/test/dsl_test.rb

@@ -0,0 +1,32 @@
+require 'rubygems'
+require 'rack/cors'
+require 'shoulda'
+
+
+class DSLTest < Test::Unit::TestCase
+  should 'support explicit config object dsl mode' do
+    cors = Rack::Cors.new(Proc.new {}) do |cfg|
+      cfg.allow do |allow|
+        allow.origins 'localhost:3000', '127.0.0.1:3000'
+        allow.resource '/get-only', :methods => :get
+        allow.resource '/', :headers => :any
+      end
+    end
+    resources = cors.send :all_resources
+    assert_equal 1, resources.length
+    assert resources.first.allow_origin?('http://localhost:3000')
+  end
+
+  should 'support implicit config object dsl mode' do
+    cors = Rack::Cors.new(Proc.new {}) do
+      allow do
+        origins 'localhost:3000', '127.0.0.1:3000'
+        resource '/get-only', :methods => :get
+        resource '/', :headers => :any
+      end
+    end
+    resources = cors.send :all_resources
+    assert_equal 1, resources.length
+    assert resources.first.allow_origin?('http://localhost:3000')
+  end
+end

data/test/test.ru

@@ -1,22 +1,24 @@
 require 'rack/cors'
 
-use Rack::Cors do |cfg|
-  cfg.allow do |allow|
-    allow.origins 'localhost:3000', '127.0.0.1:3000'
+use Rack::Cors do
+  allow do
+    origins 'localhost:3000', '127.0.0.1:3000', /http:\/\/192\.168\.0\.\d{1,3}(:\d+)?/
 
-    allow.resource '/get-only', :methods => :get
-    allow.resource '/', :headers => :any
-    allow.resource '/single_header', :headers => 'x-domain-token'
-    allow.resource '/two_headers', :headers => %w{x-domain-token x-requested-with}
-    # allow.resource '/file/at/*',
+    resource '/get-only', :methods => :get
+    resource '/', :headers => :any
+    resource '/single_header', :headers => 'x-domain-token'
+    resource '/two_headers', :headers => %w{x-domain-token x-requested-with}
+    resource '/expose_single_header', :expose => 'expose-test'
+    resource '/expose_multiple_headers', :expose => %w{expose-test-1 expose-test-2}
+    # resource '/file/at/*',
     #     :methods => [:get, :post, :put, :delete],
     #     :headers => :any,
     #     :max_age => 0
   end
 
-  cfg.allow do |allow|
-    allow.origins '*'
-    allow.resource '/public'
+  allow do
+    origins '*'
+    resource '/public'
   end
 end
 

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: rack-cors
 version: !ruby/object:Gem::Version 
-  hash: 19
+  hash: 31
   prerelease: false
   segments: 
   - 0
   - 2
-  - 2
-  version: 0.2.2
+  - 4
+  version: 0.2.4
 platform: ruby
 authors: 
 - Calvin Yu
@@ -15,11 +15,24 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-08-26 00:00:00 -04:00
+date: 2011-06-04 00:00:00 -04:00
 default_executable: 
-dependencies: []
-
-description: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rack
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :runtime
+  version_requirements: *id001
+description: "Middleware that will make Rack-based apps CORS compatible.  Read more here: http://blog.sourcebender.com/2010/06/09/introducin-rack-cors.html.  Fork the project here: http://github.com/cyu/rack-cors"
 email: csyu77@gmail.com
 executables: []
 
@@ -35,6 +48,7 @@ files:
 - lib/rack/cors.rb
 - rack-cors.gemspec
 - test/cors_test.rb
+- test/dsl_test.rb
 - test/test.ru
 has_rdoc: true
 homepage: http://github.com/cyu/rack-cors
@@ -72,3 +86,4 @@ specification_version: 3
 summary: Middleware for enabling Cross-Origin Resource Sharing in Rack apps
 test_files: 
 - test/cors_test.rb
+- test/dsl_test.rb