sinatra-cors 0.2.0 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/lib/sinatra/cors.rb +55 -24
- metadata +4 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 99b095a00fa82a4c2cdfe85bdb60179e5869cd1937cffbe109d699547be45b57
|
|
4
|
+
data.tar.gz: d150dc04b51d2af46cf5d45a8c97a2ef1502c75f79b3b209c50375416ad2cc5b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6e0ac7acb9160da93efa2e7d354fa3660af188de53279c964e605654d9750e51270c6c5f1febf7d083c126e1d1ae502ffb6d86be8685321dd580eaa340091e14
|
|
7
|
+
data.tar.gz: df317fc37d8ac9ead35addd46ece5ef59ca3261fc61078e0b10ad74b0cf784644f71030cf058d6314f02e8efe8c747e3176439e92ac3e4a2a748cb6ff5cbbe64
|
data/lib/sinatra/cors.rb
CHANGED
|
@@ -5,6 +5,11 @@ module Sinatra
|
|
|
5
5
|
module Helpers
|
|
6
6
|
def cors
|
|
7
7
|
if is_cors_request?
|
|
8
|
+
unless origin_is_allowed?
|
|
9
|
+
logger.warn bad_origin_message
|
|
10
|
+
return
|
|
11
|
+
end
|
|
12
|
+
|
|
8
13
|
if is_preflight_request?
|
|
9
14
|
unless method_is_allowed?
|
|
10
15
|
logger.warn bad_method_message
|
|
@@ -16,19 +21,14 @@ module Sinatra
|
|
|
16
21
|
return
|
|
17
22
|
end
|
|
18
23
|
|
|
19
|
-
response.headers["Access-Control-Allow-Headers"] =
|
|
20
|
-
response.headers["Access-Control-Allow-Methods"] =
|
|
24
|
+
response.headers["Access-Control-Allow-Headers"] = request_headers if request_headers
|
|
25
|
+
response.headers["Access-Control-Allow-Methods"] = request_method
|
|
21
26
|
response.headers["Access-Control-Max-Age"] = settings.max_age if settings.max_age?
|
|
22
27
|
else
|
|
23
28
|
response.headers["Access-Control-Expose-Headers"] = settings.expose_headers if settings.expose_headers?
|
|
24
29
|
end
|
|
25
30
|
|
|
26
|
-
|
|
27
|
-
response.headers["Access-Control-Allow-Origin"] = request.env["HTTP_ORIGIN"]
|
|
28
|
-
else
|
|
29
|
-
logger.warn bad_origin_message
|
|
30
|
-
response.headers["Access-Control-Allow-Origin"] = "null"
|
|
31
|
-
end
|
|
31
|
+
response.headers["Access-Control-Allow-Origin"] = request.env["HTTP_ORIGIN"]
|
|
32
32
|
response.headers["Access-Control-Allow-Credentials"] = settings.allow_credentials.to_s if settings.allow_credentials?
|
|
33
33
|
end
|
|
34
34
|
end
|
|
@@ -42,19 +42,52 @@ module Sinatra
|
|
|
42
42
|
end
|
|
43
43
|
|
|
44
44
|
def method_is_allowed?
|
|
45
|
-
allow_methods =
|
|
46
|
-
|
|
47
|
-
|
|
45
|
+
allow_methods =
|
|
46
|
+
settings.allow_methods.upcase.split(/\s*,\s*/) &
|
|
47
|
+
response.headers["Allow"].upcase.split(/\s*,\s*/)
|
|
48
|
+
allow_methods.include? request.env["HTTP_ACCESS_CONTROL_REQUEST_METHOD"].upcase
|
|
48
49
|
end
|
|
49
50
|
|
|
50
51
|
def headers_are_allowed?
|
|
51
52
|
allow_headers = settings.allow_headers
|
|
52
53
|
request_headers = request.env["HTTP_ACCESS_CONTROL_REQUEST_HEADERS"] || ""
|
|
53
|
-
(request_headers.split - allow_headers.split).empty?
|
|
54
|
+
(request_headers.downcase.split(/\s*,\s*/) - allow_headers.downcase.split(/\s*,\s*/)).empty?
|
|
54
55
|
end
|
|
55
56
|
|
|
56
57
|
def origin_is_allowed?
|
|
57
|
-
|
|
58
|
+
request_origin = request.env["HTTP_ORIGIN"]
|
|
59
|
+
|
|
60
|
+
settings.allow_origin == "*" || [settings.allow_origin]
|
|
61
|
+
.flatten
|
|
62
|
+
.flat_map { |origin| origin.is_a?(String) ? origin.downcase.split : origin }
|
|
63
|
+
.any? do |origin|
|
|
64
|
+
if origin.is_a?(Regexp)
|
|
65
|
+
origin.match?(request_origin)
|
|
66
|
+
else
|
|
67
|
+
origin.eql?(request_origin)
|
|
68
|
+
end
|
|
69
|
+
end
|
|
70
|
+
end
|
|
71
|
+
|
|
72
|
+
def allowed_methods
|
|
73
|
+
matches = []
|
|
74
|
+
settings.routes.each do |method, routes|
|
|
75
|
+
routes.each do |route|
|
|
76
|
+
process_route(route[0], route[1]) do |application, pattern|
|
|
77
|
+
matches << method
|
|
78
|
+
end
|
|
79
|
+
end
|
|
80
|
+
end
|
|
81
|
+
|
|
82
|
+
matches.uniq
|
|
83
|
+
end
|
|
84
|
+
|
|
85
|
+
def request_headers
|
|
86
|
+
request.env["HTTP_ACCESS_CONTROL_REQUEST_HEADERS"]
|
|
87
|
+
end
|
|
88
|
+
|
|
89
|
+
def request_method
|
|
90
|
+
request.env["HTTP_ACCESS_CONTROL_REQUEST_METHOD"]
|
|
58
91
|
end
|
|
59
92
|
|
|
60
93
|
private
|
|
@@ -74,7 +107,10 @@ to requests with these headers, you can add them to the `allow_headers` sinatra
|
|
|
74
107
|
end
|
|
75
108
|
|
|
76
109
|
def bad_origin_message
|
|
77
|
-
"This CORS request was rejected because the client is making the request from
|
|
110
|
+
"This CORS request was rejected because the client is making the request from \
|
|
111
|
+
'#{request.env["HTTP_ORIGIN"]}', but the server only allows requests from '#{settings.allow_origin}'. \
|
|
112
|
+
To allow the server to respond to requests from this origin, you can add it to the `allow_origin` \
|
|
113
|
+
sinatra setting."
|
|
78
114
|
end
|
|
79
115
|
end
|
|
80
116
|
|
|
@@ -93,18 +129,11 @@ to requests with these headers, you can add them to the `allow_headers` sinatra
|
|
|
93
129
|
end
|
|
94
130
|
|
|
95
131
|
app.options "*", is_cors_preflight: true do
|
|
96
|
-
|
|
97
|
-
settings.routes.each do |method, routes|
|
|
98
|
-
routes.each do |route|
|
|
99
|
-
process_route(route[0], route[1], route[2]) do |application, pattern|
|
|
100
|
-
matches << method
|
|
101
|
-
end
|
|
102
|
-
end
|
|
103
|
-
end
|
|
132
|
+
allow = allowed_methods
|
|
104
133
|
|
|
105
|
-
pass if
|
|
134
|
+
pass if allow.size == 1
|
|
106
135
|
|
|
107
|
-
response.headers["Allow"] =
|
|
136
|
+
response.headers["Allow"] = allow.join ","
|
|
108
137
|
end
|
|
109
138
|
|
|
110
139
|
app.after do
|
|
@@ -112,4 +141,6 @@ to requests with these headers, you can add them to the `allow_headers` sinatra
|
|
|
112
141
|
end
|
|
113
142
|
end
|
|
114
143
|
end
|
|
144
|
+
|
|
145
|
+
register Cors
|
|
115
146
|
end
|
metadata
CHANGED
|
@@ -1,21 +1,21 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sinatra-cors
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 1.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jason Desrosiers
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2020-07-26 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description: 'This Sinatra plugin supports the full CORS spec including automatic
|
|
14
14
|
support for CORS preflight (OPTIONS) requests. It uses CORS security best practices. The
|
|
15
15
|
plugin logs to the default logger to guide you in setting things up properly. It
|
|
16
16
|
will tell you why a CORS request failed and tell you how to fix it.
|
|
17
17
|
|
|
18
|
-
'
|
|
18
|
+
'
|
|
19
19
|
email: jdesrosi@gmail.com
|
|
20
20
|
executables: []
|
|
21
21
|
extensions: []
|
|
@@ -41,8 +41,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
41
41
|
- !ruby/object:Gem::Version
|
|
42
42
|
version: '0'
|
|
43
43
|
requirements: []
|
|
44
|
-
|
|
45
|
-
rubygems_version: 2.5.2
|
|
44
|
+
rubygems_version: 3.1.2
|
|
46
45
|
signing_key:
|
|
47
46
|
specification_version: 4
|
|
48
47
|
summary: CORS support for Sinatra applications
|