sinatra-cross_origin 0.3.2 → 0.4.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: a03f46718e570af93fa1d0cc8deb518cd097b500
+  data.tar.gz: cb246d9e4800eae895b7188e7b7595072a231c11
+SHA512:
+  metadata.gz: 8af36732566a4e47ba78cea2d78405d24a0c7093261bd72623ad897df7a488a474f9e3183f228ed6c042995d5bfe782aa46874e81675970d28630fe9c72cf433
+  data.tar.gz: e0fbac867b3bc687bc4721f92c3b17a4dcacb286b9e7fbf128beb032ae9d93a3954e191f588c5ecbb846e4cacb7730b275daee2dd6f4683bf5aec4988d60a363

data/README.markdown

@@ -23,6 +23,12 @@ To only enable cross origin requests for certain routes:
       "This is available to cross-origin javascripts"
     end
 
+If you're using a modular application, remember to register this extension:
+
+``` ruby
+register Sinatra::CrossOrigin
+```
+
 ## Global Configuration
 
 You can set global options via the normal Sinatra set method:
@@ -44,6 +50,21 @@ You can change configuration options on the fly within routes with:
       "My custom cross origin response"
     end
 
+## Responding to `OPTIONS`
+Many browsers send an `OPTIONS` request to a server before performing a CORS request (this is part of [the specification for CORS](http://www.w3.org/TR/cors/) ). These sorts of requests are called [preflight requests](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Preflighted_requests). Without a valid response to an `OPTIONS` request, a browser may refuse to make a CORS request (and complain that the CORS request violates the same-origin policy).
+
+Currently, this gem does not properly respond to `OPTIONS` requests. See [this issue](https://github.com/britg/sinatra-cross_origin/issues/18). You may have to add code like this in order to make your app properly respond to `OPTIONS` requests:
+
+    options "*" do
+      response.headers["Allow"] = "HEAD,GET,PUT,POST,DELETE,OPTIONS"
+     
+      response.headers["Access-Control-Allow-Headers"] = "X-Requested-With, X-HTTP-Method-Override, Content-Type, Cache-Control, Accept"
+     
+      200
+    end
+
+
+
 ## License
 Copyright (c) 2007, 2008, 2009 Brit Gardner
 

data/VERSION

@@ -1 +1 @@
-0.3.2
+0.4.0

data/lib/sinatra/cross_origin.rb

@@ -26,10 +26,26 @@ module Sinatra
       # from global config or custom config passed
       # as a hash
       def cross_origin(hash=nil)
-        return unless request.env['HTTP_ORIGIN']
+        request_origin = request.env['HTTP_ORIGIN']
+        return unless request_origin
         settings.set hash if hash
 
-        origin = settings.allow_origin == :any ? request.env['HTTP_ORIGIN'] : settings.allow_origin
+        if settings.allow_origin == :any
+          origin = request_origin
+        else
+          allowed_origins = *settings.allow_origin # make sure its an array
+          origin = allowed_origins.join('|')       # we'll return this unless allowed
+
+          allowed_origins.each do |allowed_origin|
+            if allowed_origin.is_a?(Regexp) ? 
+                request_origin =~ allowed_origin : 
+                request_origin == allowed_origin
+              origin = request_origin
+              break
+            end
+          end
+        end
+
         methods = settings.allow_methods.map{ |m| m.to_s.upcase! }.join(', ')
 
         headers_list = {
@@ -63,7 +79,4 @@ module Sinatra
 
     end
   end
-
-  register CrossOrigin
-
 end

data/sinatra-cross_origin.gemspec

@@ -2,14 +2,16 @@
 # DO NOT EDIT THIS FILE DIRECTLY
 # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
+# stub: sinatra-cross_origin 0.4.0 ruby lib
 
 Gem::Specification.new do |s|
   s.name = "sinatra-cross_origin"
-  s.version = "0.3.2"
+  s.version = "0.4.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.require_paths = ["lib"]
   s.authors = ["Brit Gardner"]
-  s.date = "2013-12-31"
+  s.date = "2016-10-20"
   s.description = "Cross Origin Resource Sharing helper for Sinatra"
   s.email = "brit@britg.com"
   s.extra_rdoc_files = [
@@ -23,22 +25,13 @@ Gem::Specification.new do |s|
     "VERSION",
     "lib/sinatra/cross_origin.rb",
     "sinatra-cross_origin.gemspec",
+    "test/app/all_routes.rb",
     "test/app/test_app.rb",
     "test/test_all.rb",
     "test/test_helper.rb"
   ]
   s.homepage = "http://github.com/britg/sinatra-cross_origin"
-  s.require_paths = ["lib"]
-  s.rubygems_version = "1.8.25"
+  s.rubygems_version = "2.4.5.1"
   s.summary = "Cross Origin Resource Sharing helper for Sinatra"
-
-  if s.respond_to? :specification_version then
-    s.specification_version = 3
-
-    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
-    else
-    end
-  else
-  end
 end
 

data/test/app/all_routes.rb

@@ -0,0 +1,11 @@
+require 'sinatra/base'
+
+class AllRoutesApp < Sinatra::Base
+  register Sinatra::CrossOrigin
+  enable :cross_origin
+
+  get '/' do
+    "Hello"
+  end
+
+end

data/test/app/test_app.rb

@@ -26,6 +26,16 @@ class TestApp < Sinatra::Base
     "Allowing any origin"
   end
 
+  get '/allow_multiple_origins' do
+    cross_origin :allow_origin => ['http://example.com', 'http://example2.com']
+    "Allowing multiple origins"
+  end
+
+  get '/allow_multiple_origins_with_reg_ex' do
+    cross_origin :allow_origin => ['http://example.com', /http:\/\/(?:sub-1|sub-2)\.example\.com/]
+    "Allowing multiple origins with regular expressions"
+  end
+
   get '/allow_methods' do
     cross_origin :allow_methods => params[:methods].split(', ')
     "Allowing methods"

data/test/test_all.rb

@@ -41,6 +41,30 @@ class HelloTest < Test::Unit::TestCase
     assert_equal 'http://example.com', last_response.headers['Access-Control-Allow-Origin']
   end
 
+  def test_allow_multiple_origins
+    get '/allow_multiple_origins', {}, {'HTTP_ORIGIN' => 'http://example.com'}
+    assert last_response.ok?
+    assert_equal 'http://example.com', last_response.headers['Access-Control-Allow-Origin']
+    
+    get '/allow_multiple_origins', {}, {'HTTP_ORIGIN' => 'http://example2.com'}
+    assert last_response.ok?
+    assert_equal 'http://example2.com', last_response.headers['Access-Control-Allow-Origin']
+    
+    get '/allow_multiple_origins', {}, {'HTTP_ORIGIN' => 'http://example3.com'}
+    assert last_response.ok?
+    assert_equal 'http://example.com|http://example2.com', last_response.headers['Access-Control-Allow-Origin']
+  end
+
+  def test_allow_multiple_origins_with_reg_ex
+    get '/allow_multiple_origins_with_reg_ex', {}, {'HTTP_ORIGIN' => 'http://example.com'}
+    assert last_response.ok?
+    assert_equal 'http://example.com', last_response.headers['Access-Control-Allow-Origin']
+    
+    get '/allow_multiple_origins_with_reg_ex', {}, {'HTTP_ORIGIN' => 'http://sub-1.example.com'}
+    assert last_response.ok?
+    assert_equal 'http://sub-1.example.com', last_response.headers['Access-Control-Allow-Origin']
+  end
+
   def test_allow_methods
     get '/allow_methods', {:methods=>'get, post'}, {'HTTP_ORIGIN' => 'http://localhost'}
     assert last_response.ok?
@@ -66,3 +90,30 @@ class HelloTest < Test::Unit::TestCase
   end
 
 end
+
+class AllRoutesTest < Test::Unit::TestCase
+  include Rack::Test::Methods
+
+  def app
+    AllRoutesApp
+  end
+
+  def test_it_says_hello
+    get '/'
+    assert last_response.ok?
+    assert_equal 'Hello', last_response.body
+  end
+
+  def test_cross_origin_is_silent_on_same_origin_request
+    get '/'
+    assert last_response.ok?
+    assert_equal nil, last_response.headers['Access-Control-Allow-Origin']
+  end
+
+  def test_allow_any_origin
+    get '/', {}, {'HTTP_ORIGIN' => 'http://localhost'}
+    assert last_response.ok?
+    assert_equal 'http://localhost', last_response.headers['Access-Control-Allow-Origin']
+  end
+
+end

data/test/test_helper.rb

@@ -1,4 +1,5 @@
 require File.expand_path(File.dirname(__FILE__) + '/../lib/sinatra/cross_origin')
 require 'app/test_app'
+require 'app/all_routes'
 require 'test/unit'
 require 'rack/test'

metadata

@@ -1,15 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sinatra-cross_origin
 version: !ruby/object:Gem::Version
-  version: 0.3.2
-  prerelease: 
+  version: 0.4.0
 platform: ruby
 authors:
 - Brit Gardner
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-12-31 00:00:00.000000000 Z
+date: 2016-10-20 00:00:00.000000000 Z
 dependencies: []
 description: Cross Origin Resource Sharing helper for Sinatra
 email: brit@britg.com
@@ -25,31 +24,31 @@ files:
 - VERSION
 - lib/sinatra/cross_origin.rb
 - sinatra-cross_origin.gemspec
+- test/app/all_routes.rb
 - test/app/test_app.rb
 - test/test_all.rb
 - test/test_helper.rb
 homepage: http://github.com/britg/sinatra-cross_origin
 licenses: []
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.25
+rubygems_version: 2.4.5.1
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: Cross Origin Resource Sharing helper for Sinatra
 test_files: []