rack-cors 0.2.6 → 0.2.7

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of rack-cors might be problematic. Click here for more details.

data/VERSION CHANGED
@@ -1 +1 @@
1
- 0.2.6
1
+ 0.2.7
@@ -49,7 +49,13 @@ module Rack
49
49
  end
50
50
  end
51
51
  status, headers, body = @app.call env
52
- headers = headers.merge(cors_headers) if cors_headers
52
+ if cors_headers
53
+ headers = headers.merge(cors_headers)
54
+ unless headers['Access-Control-Allow-Origin'] == '*'
55
+ vary = headers['Vary']
56
+ headers['Vary'] = ((vary ? vary.split(/,\s*/) : []) + ['Origin']).uniq.join(', ')
57
+ end
58
+ end
53
59
  [status, headers, body]
54
60
  end
55
61
 
@@ -5,11 +5,11 @@
5
5
 
6
6
  Gem::Specification.new do |s|
7
7
  s.name = "rack-cors"
8
- s.version = "0.2.6"
8
+ s.version = "0.2.7"
9
9
 
10
10
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
11
  s.authors = ["Calvin Yu"]
12
- s.date = "2012-04-26"
12
+ s.date = "2012-06-07"
13
13
  s.description = "Middleware that will make Rack-based apps CORS compatible. Read more here: http://blog.sourcebender.com/2010/06/09/introducin-rack-cors.html. Fork the project here: http://github.com/cyu/rack-cors"
14
14
  s.email = "me@sourcebender.com"
15
15
  s.extra_rdoc_files = [
@@ -31,7 +31,7 @@ Gem::Specification.new do |s|
31
31
  s.homepage = "http://github.com/cyu/rack-cors"
32
32
  s.licenses = ["MIT"]
33
33
  s.require_paths = ["lib"]
34
- s.rubygems_version = "1.8.23"
34
+ s.rubygems_version = "1.8.24"
35
35
  s.summary = "Middleware for enabling Cross-Origin Resource Sharing in Rack apps"
36
36
 
37
37
  if s.respond_to? :specification_version then
@@ -43,6 +43,20 @@ class CorsTest < Test::Unit::TestCase
43
43
  assert_equal 'expose-test-1, expose-test-2', last_response.headers['Access-Control-Expose-Headers']
44
44
  end
45
45
 
46
+ should 'add Vary header if Access-Control-Allow-Origin header was added and if it is specific' do
47
+ cors_request '/', :origin => "http://192.168.0.3:8080"
48
+ assert_cors_success
49
+ assert_equal 'http://192.168.0.3:8080', last_response.headers['Access-Control-Allow-Origin']
50
+ assert_not_nil last_response.headers['Vary'], 'missing Vary header'
51
+ end
52
+
53
+ should 'not add Vary header if Access-Control-Allow-Origin header was added and if it is generic (*)' do
54
+ cors_request '/public_without_credentials', :origin => "http://192.168.1.3:8080"
55
+ assert_cors_success
56
+ assert_equal '*', last_response.headers['Access-Control-Allow-Origin']
57
+ assert_nil last_response.headers['Vary'], 'no expecting Vary header'
58
+ end
59
+
46
60
  context 'preflight requests' do
47
61
  should 'fail if origin is invalid' do
48
62
  preflight_request('http://allyourdataarebelongtous.com', '/')
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack-cors
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.6
4
+ version: 0.2.7
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2012-04-26 00:00:00.000000000 Z
12
+ date: 2012-06-07 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: rack
@@ -142,7 +142,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
142
142
  version: '0'
143
143
  segments:
144
144
  - 0
145
- hash: 3665249374424350309
145
+ hash: -4990705370164666
146
146
  required_rubygems_version: !ruby/object:Gem::Requirement
147
147
  none: false
148
148
  requirements:
@@ -151,7 +151,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
151
151
  version: '0'
152
152
  requirements: []
153
153
  rubyforge_project:
154
- rubygems_version: 1.8.23
154
+ rubygems_version: 1.8.24
155
155
  signing_key:
156
156
  specification_version: 3
157
157
  summary: Middleware for enabling Cross-Origin Resource Sharing in Rack apps