restrack 1.6.2 → 1.6.3

data/lib/restrack/resource_request.rb

@@ -37,6 +37,7 @@ module RESTRack
 
       # For CORS support
       if RESTRack::CONFIG[:CORS]
+        raise HTTP403Forbidden if @headers['Origin'].nil?
         raise HTTP403Forbidden unless RESTRack::CONFIG[:CORS]['Access-Control-Allow-Origin'] == '*' or RESTRack::CONFIG[:CORS]['Access-Control-Allow-Origin'].include?(@headers['Origin'])
         raise HTTP403Forbidden unless @request.env['REQUEST_METHOD'] == 'OPTIONS' or RESTRack::CONFIG[:CORS]['Access-Control-Allow-Methods'] == '*' or RESTRack::CONFIG[:CORS]['Access-Control-Allow-Methods'].include?(@request.env['REQUEST_METHOD'])
       end

data/lib/restrack/version.rb

@@ -1,3 +1,3 @@
 module RESTRack
-  VERSION = "1.6.2"
+  VERSION = "1.6.3"
 end

data/test/sample_app_1/test/test_cors_jsonp_support.rb

@@ -10,6 +10,24 @@ class SampleApp::TestCORSHeaders < Test::Unit::TestCase
     @ws = SampleApp::WebService.new
   end
 
+  def test_cors_no_origin_header
+    RESTRack::CONFIG[:CORS] = {}
+    RESTRack::CONFIG[:CORS]['Access-Control-Allow-Origin'] = 'http://restrack.me'
+    RESTRack::CONFIG[:CORS]['Access-Control-Allow-Methods'] = 'POST, GET'
+    env = Rack::MockRequest.env_for('/foo_bar/144', {
+      :method     => 'GET'
+    })
+    output = @ws.call(env)
+    expected_status = 403
+    expected_headers =  {
+      "Content-Type" => "application/json",
+      "Access-Control-Allow-Origin"   => "http://restrack.me",
+      "Access-Control-Allow-Methods"  => "POST, GET"
+    }
+    assert_equal expected_status, output[0]
+    assert_equal expected_headers, output[1]
+  end
+
   def test_cors_on_allowed_domain
     RESTRack::CONFIG[:CORS] = {}
     RESTRack::CONFIG[:CORS]['Access-Control-Allow-Origin'] = 'http://restrack.me'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: restrack
 version: !ruby/object:Gem::Version
-  version: 1.6.2
+  version: 1.6.3
   prerelease: 
 platform: ruby
 authors: