sinatra-cors 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/lib/sinatra/cors.rb +104 -0
- metadata +49 -0
checksums.yaml
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
SHA1:
|
|
3
|
+
metadata.gz: c2bc1222ec8ec8330f4d315673a0ca86bb9bb713
|
|
4
|
+
data.tar.gz: 0af5f254fe59eb85c126696a8752ff1c840d1f5e
|
|
5
|
+
SHA512:
|
|
6
|
+
metadata.gz: 36e1a8f117d2bf8a67fa8bf6d9857f8935159cb059ec5613c3bee59bbce0b653afe2d2ab69a858a67623c4a0ce9db0b4c8b6d68c12c845eba851a9725490f19c
|
|
7
|
+
data.tar.gz: a9227d942a57d2171a6dddbef420c54feb1e3c718a8fb69951492d8504d5352229f85b3320c89c597b7cb6cc4f6cd89fbe732087793d89e3c9aa66972e799936
|
data/lib/sinatra/cors.rb
ADDED
|
@@ -0,0 +1,104 @@
|
|
|
1
|
+
require "sinatra/base"
|
|
2
|
+
|
|
3
|
+
module Sinatra
|
|
4
|
+
module Cors
|
|
5
|
+
module Helpers
|
|
6
|
+
def cors
|
|
7
|
+
if is_cors_request?
|
|
8
|
+
if is_preflight_request?
|
|
9
|
+
unless method_is_allowed?
|
|
10
|
+
logger.warn bad_method_message
|
|
11
|
+
return
|
|
12
|
+
end
|
|
13
|
+
unless headers_are_allowed?
|
|
14
|
+
logger.warn bad_headers_message
|
|
15
|
+
return
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
response.headers["Access-Control-Allow-Headers"] = request.env["HTTP_ACCESS_CONTROL_REQUEST_HEADERS"]
|
|
19
|
+
response.headers["Access-Control-Allow-Methods"] = request.env["HTTP_ACCESS_CONTROL_REQUEST_METHOD"]
|
|
20
|
+
response.headers["Access-Control-Max-Age"] = settings.max_age if settings.max_age?
|
|
21
|
+
else
|
|
22
|
+
response.headers["Access-Control-Expose-Headers"] = settings.expose_headers if settings.expose_headers?
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
if origin_is_allowed?
|
|
26
|
+
response.headers["Access-Control-Allow-Origin"] = request.env["HTTP_ORIGIN"]
|
|
27
|
+
else
|
|
28
|
+
logger.warn bad_origin_message
|
|
29
|
+
response.headers["Access-Control-Allow-Origin"] = "null"
|
|
30
|
+
end
|
|
31
|
+
response.headers["Access-Control-Allow-Credentials"] = settings.allow_credentials.to_s if settings.allow_credentials?
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
def is_cors_request?
|
|
36
|
+
request.env.has_key? "HTTP_ORIGIN"
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
def is_preflight_request?
|
|
40
|
+
request.env["REQUEST_METHOD"] == "OPTIONS"
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
def method_is_allowed?
|
|
44
|
+
allow_methods = settings.allow_methods || response.headers["Allow"] || ""
|
|
45
|
+
request_method = request.env["HTTP_ACCESS_CONTROL_REQUEST_METHOD"] || ""
|
|
46
|
+
allow_methods.split.include? request_method
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
def headers_are_allowed?
|
|
50
|
+
allow_headers = settings.allow_headers || ""
|
|
51
|
+
request_headers = request.env["HTTP_ACCESS_CONTROL_REQUEST_HEADERS"] || ""
|
|
52
|
+
diff = request_headers.split - allow_headers.split
|
|
53
|
+
diff.size == 0
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
def origin_is_allowed?
|
|
57
|
+
settings.allow_origin == "*" || settings.allow_origin.split.include?(request.env["HTTP_ORIGIN"])
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
private
|
|
61
|
+
|
|
62
|
+
def bad_method_message
|
|
63
|
+
"This CORS preflight request was rejected because the client is asking permission to make a \
|
|
64
|
+
'#{request.env["HTTP_ACCESS_CONTROL_REQUEST_METHOD"]}' request, but the server only allows \
|
|
65
|
+
'#{settings.allow_methods}' requests. To allow the server to respond to this request method, add it \
|
|
66
|
+
to the `allow_methods` sinatra setting."
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
def bad_headers_message
|
|
70
|
+
"This CORS preflight request was rejected because the client is asking permission to make a \
|
|
71
|
+
request with the headers '#{request.env["HTTP_ACCESS_CONTROL_REQUEST_HEADERS"]}', but the server \
|
|
72
|
+
only allows requests with the headers '#{settings.allow_headers}'. To allow the server to respond \
|
|
73
|
+
to requests with these headers, you can add them to the `allow_headers` sinatra setting."
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
def bad_origin_message
|
|
77
|
+
"This CORS request was rejected because the client is making the request from '#{request.env["HTTP_ORIGIN"]}', but the server only allows requests from '#{settings.allow_origin}'. To allow the server to respond to requests from this origin, you can add it to the `allow_origin` sinatra setting."
|
|
78
|
+
end
|
|
79
|
+
end
|
|
80
|
+
|
|
81
|
+
def self.registered(app)
|
|
82
|
+
app.helpers Cors::Helpers
|
|
83
|
+
|
|
84
|
+
app.disable :allow_origin
|
|
85
|
+
app.disable :allow_methods
|
|
86
|
+
app.disable :allow_headers
|
|
87
|
+
app.disable :max_age
|
|
88
|
+
app.disable :expose_headers
|
|
89
|
+
app.disable :allow_credentials
|
|
90
|
+
|
|
91
|
+
app.set(:is_cors_preflight) { |bool|
|
|
92
|
+
condition { is_cors_request? && is_preflight_request? == bool }
|
|
93
|
+
}
|
|
94
|
+
|
|
95
|
+
app.options "*", is_cors_preflight: true do
|
|
96
|
+
response.headers["Allow"] = settings.allow_methods || ""
|
|
97
|
+
end
|
|
98
|
+
|
|
99
|
+
app.after do
|
|
100
|
+
cors
|
|
101
|
+
end
|
|
102
|
+
end
|
|
103
|
+
end
|
|
104
|
+
end
|
metadata
ADDED
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: sinatra-cors
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 0.1.1
|
|
5
|
+
platform: ruby
|
|
6
|
+
authors:
|
|
7
|
+
- Jason Desrosiers
|
|
8
|
+
autorequire:
|
|
9
|
+
bindir: bin
|
|
10
|
+
cert_chain: []
|
|
11
|
+
date: 2017-06-28 00:00:00.000000000 Z
|
|
12
|
+
dependencies: []
|
|
13
|
+
description: 'This Sinatra plugin supports the full CORS spec including automatic
|
|
14
|
+
support for CORS preflight (OPTIONS) requests. It uses CORS security best practices. The
|
|
15
|
+
plugin logs to the default logger to guide you in setting things up properly. It
|
|
16
|
+
will tell you why a CORS request failed and tell you how to fix it.
|
|
17
|
+
|
|
18
|
+
'
|
|
19
|
+
email: jdesrosi@gmail.com
|
|
20
|
+
executables: []
|
|
21
|
+
extensions: []
|
|
22
|
+
extra_rdoc_files: []
|
|
23
|
+
files:
|
|
24
|
+
- lib/sinatra/cors.rb
|
|
25
|
+
homepage: https://github.com/jdesrosiers/sinatra-cors
|
|
26
|
+
licenses:
|
|
27
|
+
- MIT
|
|
28
|
+
metadata: {}
|
|
29
|
+
post_install_message:
|
|
30
|
+
rdoc_options: []
|
|
31
|
+
require_paths:
|
|
32
|
+
- lib
|
|
33
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
34
|
+
requirements:
|
|
35
|
+
- - ">="
|
|
36
|
+
- !ruby/object:Gem::Version
|
|
37
|
+
version: '0'
|
|
38
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
39
|
+
requirements:
|
|
40
|
+
- - ">="
|
|
41
|
+
- !ruby/object:Gem::Version
|
|
42
|
+
version: '0'
|
|
43
|
+
requirements: []
|
|
44
|
+
rubyforge_project:
|
|
45
|
+
rubygems_version: 2.5.2
|
|
46
|
+
signing_key:
|
|
47
|
+
specification_version: 4
|
|
48
|
+
summary: CORS support for Sinatra applications
|
|
49
|
+
test_files: []
|