restrack 1.6.2 → 1.6.3

@@ -37,6 +37,7 @@ module RESTRack
37
37
 
38
38
  # For CORS support
39
39
  if RESTRack::CONFIG[:CORS]
40
+ raise HTTP403Forbidden if @headers['Origin'].nil?
40
41
  raise HTTP403Forbidden unless RESTRack::CONFIG[:CORS]['Access-Control-Allow-Origin'] == '*' or RESTRack::CONFIG[:CORS]['Access-Control-Allow-Origin'].include?(@headers['Origin'])
41
42
  raise HTTP403Forbidden unless @request.env['REQUEST_METHOD'] == 'OPTIONS' or RESTRack::CONFIG[:CORS]['Access-Control-Allow-Methods'] == '*' or RESTRack::CONFIG[:CORS]['Access-Control-Allow-Methods'].include?(@request.env['REQUEST_METHOD'])
42
43
  end
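Review bot: The origin check that follows the added nil guard uses `include?`, which is a substring match when `Access-Control-Allow-Origin` is a String (as the sample test on this page configures it), so an Origin that is empty or only a fragment of the allowed value still passes. Compare against the parsed list instead, for example `allowed = RESTRack::CONFIG[:CORS]['Access-Control-Allow-Origin']` followed by `raise HTTP403Forbidden unless allowed == '*' or Array(allowed).flat_map { |o| o.split(/[\s,]+/) }.include?(@headers['Origin'])`. The `Access-Control-Allow-Methods` line below has the same pattern and would benefit from the same exact-match treatment. The enclosing method starts and ends outside this hunk, so how `@headers` is populated cannot be confirmed from here.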
@@ -1,3 +1,3 @@
1
1
  module RESTRack
2
- VERSION = "1.6.2"
2
+ VERSION = "1.6.3"
3
3
  end
@@ -10,6 +10,24 @@ class SampleApp::TestCORSHeaders < Test::Unit::TestCase
10
10
  @ws = SampleApp::WebService.new
11
11
  end
12
12
 
13
+ def test_cors_no_origin_header
14
+ RESTRack::CONFIG[:CORS] = {}
15
+ RESTRack::CONFIG[:CORS]['Access-Control-Allow-Origin'] = 'http://restrack.me'
16
+ RESTRack::CONFIG[:CORS]['Access-Control-Allow-Methods'] = 'POST, GET'
17
+ env = Rack::MockRequest.env_for('/foo_bar/144', {
18
+ :method => 'GET'
19
+ })
20
+ output = @ws.call(env)
21
+ expected_status = 403
22
+ expected_headers = {
23
+ "Content-Type" => "application/json",
24
+ "Access-Control-Allow-Origin" => "http://restrack.me",
25
+ "Access-Control-Allow-Methods" => "POST, GET"
26
+ }
27
+ assert_equal expected_status, output[0]
28
+ assert_equal expected_headers, output[1]
29
+ end
30
+
13
31
  def test_cors_on_allowed_domain
14
32
  RESTRack::CONFIG[:CORS] = {}
15
33
  RESTRack::CONFIG[:CORS]['Access-Control-Allow-Origin'] = 'http://restrack.me'
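Review bot: test_cors_no_origin_header pins the 403 only for a specific allowed origin, so the wildcard case is not covered. In the production hunk the new nil guard sits before the `== '*'` comparison, so a request without Origin is also refused when `Access-Control-Allow-Origin` is `'*'`. A sibling test with that configuration would record whether this is intended. The test also assigns `RESTRack::CONFIG[:CORS]` and never resets it; unless a teardown already exists outside this hunk, adding `RESTRack::CONFIG[:CORS] = nil` to one would stop the CORS settings leaking into later tests. A short comment above the test such as `# CORS enabled + no Origin header => 403, CORS headers still returned` would make the expected headers less surprising.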
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: restrack
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.6.2
4
+ version: 1.6.3
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors: