startback 0.14.4 → 0.15.0

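--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: c5c3f249ec6472efb11b54a4f986e821a5cac786289cf8e6b6030ecfee74ed5d
- data.tar.gz: 4e5c9cbe214c1406dbcf540fb956265646408a5c5617b056969f43b9d0ac384b
+ metadata.gz: d3b72151f15267aa20de6185a0f6c33d6ee22370171dfb34574604dfb1c5016c
+ data.tar.gz: 2aa005e7ca84a6dab18a29b0054ad16483b5c8b27e789351c8dfb3bccdc4714a
  SHA512:
- metadata.gz: 34394cd84378932d4c8355364fbff7d19b7c7d78c3002f039952813ebf0b74e55edf7ad080838362f5e2827846f6bbfd3f35d2ab8dc0d5b4cd708da02d50a932
- data.tar.gz: ba61cc3907b2b14dd8ee0abc8ea2d70772b841dadc6c9e71338c1bec6074f929543430607392ea85c851ff7ec74b089286b8307845f0fc9ad31b1d65e3b6299c
+ metadata.gz: fb5b6cb84aa0fb74ad5600fd5cefaf7efc1bd0bd659555e5035031db98646d7cf44f66c22c1c04ffa020d74dbdb4ad4609e09a8dda2efee7b0f41570a0ce57ae
+ data.tar.gz: ebacc25e2ca8628d5914396314bec03a22d65fa39886656f2f0863fb02efc1276cda9ccf07e1ef0256489ad17845e5e3fb224c4707ce4295740917af872b240f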
@@ -1,8 +1,8 @@
1
1
  module Startback
2
2
  module Version
3
3
  MAJOR = 0
4
- MINOR = 14
5
- TINY = 4
4
+ MINOR = 15
5
+ TINY = 0
6
6
  end
7
7
  VERSION = "#{Version::MAJOR}.#{Version::MINOR}.#{Version::TINY}"
8
8
  end
@@ -14,6 +14,12 @@ module Startback
14
14
  # # as Access-Control-Allow-Origin response header
15
15
  # use CorsHeaders, bounce: true
16
16
  #
17
+ # # Force a bouncing of the origin, but only for whitelisted candidates
18
+ # use CorsHeaders, bounce: ['https://*.test.com', 'https://*.test.devel']
19
+ #
20
+ # # The option above also works with a comma-separated string
21
+ # use CorsHeaders, bounce: 'https://*.test.com,https://*.test.devel'
22
+ #
17
23
  # # Overrides a specific header
18
24
  # use CorsHeaders, headers: { 'Access-Control-Allow-Methods' => 'POST' }
19
25
  #
@@ -47,6 +53,7 @@ module Startback
47
53
  def initialize(app, options = {})
48
54
  @app = app
49
55
  @options = Startback::Support.deep_merge(DEFAULT_OPTIONS, options)
56
+ @options[:bounce] = compile_bounce!(@options[:bounce])
50
57
  end
51
58
 
52
59
  def call(env)
@@ -65,14 +72,43 @@ module Startback
65
72
 
66
73
  def cors_headers(origin)
67
74
  headers = @options[:headers].dup
68
- if bounce?
69
- headers['Access-Control-Allow-Origin'] = origin
70
- end
75
+ bounce = do_bounce(origin)
76
+ headers['Access-Control-Allow-Origin'] = bounce
71
77
  headers
72
78
  end
73
79
 
74
- def bounce?
75
- @options[:bounce]
80
+ def compile_bounce!(bounce)
81
+ case bounce
82
+ when TrueClass
83
+ true
84
+ when FalseClass, NilClass
85
+ nil
86
+ when Regexp
87
+ bounce
88
+ when String
89
+ rx_str = bounce
90
+ .split(',')
91
+ .map{|b| b.gsub(/\*/, '[^.]+') }
92
+ .join('|')
93
+ Regexp.new("^(#{rx_str})$")
94
+ when Array
95
+ compile_bounce!(bounce.join(','))
96
+ else
97
+ nil
98
+ end
99
+ end
100
+
101
+ def do_bounce(origin)
102
+ case bounce = @options[:bounce]
103
+ when NilClass
104
+ @options[:headers]['Access-Control-Allow-Origin']
105
+ when TrueClass
106
+ origin
107
+ when Regexp
108
+ bounce =~ origin ? origin : nil
109
+ else
110
+ nil
111
+ end
76
112
  end
77
113
 
78
114
  end # class AllowCors
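Review bot: In the String branch of `compile_bounce!` the whitelist entries are interpolated into the pattern without escaping, so every `.` in an entry such as `https://*.test.com` acts as a regex wildcard instead of a literal dot, and `^`/`$` anchor per line in Ruby rather than to the whole string. The compiled whitelist is therefore looser than the configured origins suggest, which matters because `do_bounce` echoes any matching `Origin` back as `Access-Control-Allow-Origin`. I would escape each entry before expanding the wildcard and anchor the whole value: `.map { |b| Regexp.escape(b).gsub('\*', '[^.]+') }` and `Regexp.new("\\A(?:#{rx_str})\\z")`. Separately, `cors_headers` now assigns the header even when `do_bounce` returns nil; unless `call` (outside this hunk) filters nil values, deleting the key in that case would avoid emitting a nil-valued header.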
@@ -40,6 +40,7 @@ module Startback
40
40
  def body_for(ex)
41
41
  ex = ex.root_cause if ex.is_a?(Finitio::TypeError)
42
42
  body = { code: ex.class.name, description: ex.message }
43
+ body[:location] = ex.location if ex.is_a?(Finitio::TypeError)
43
44
  return body unless ex.is_a?(Startback::Errors::Error)
44
45
  return body unless ex.has_causes?
45
46
 
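Review bot: The added `body[:location]` line tests `ex.is_a?(Finitio::TypeError)` after `ex` has already been replaced by `ex.root_cause` two lines earlier, so the location is only reported when the root cause is itself a `Finitio::TypeError`. If `root_cause` can return another exception class (not visible here), the location carried by the original error is silently dropped. Consider capturing it before unwrapping, e.g. `location = ex.location if ex.is_a?(Finitio::TypeError)` ahead of the `root_cause` line and then `body[:location] = location if location`. A short comment stating that `location` is a path into the submitted data, and is deliberately exposed to the client, would also help; `body_for` continues past the end of this hunk.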
@@ -17,22 +17,22 @@ module Startback
17
17
  it 'sets the CORS headers to default values' do
18
18
  header('Origin', "https://test.com")
19
19
  get '/'
20
- expect(last_response['Access-Control-Allow-Origin']). to eql("*")
21
- expect(last_response['Access-Control-Allow-Methods']). to eql("OPTIONS, HEAD, GET, POST, PUT, PATCH, DELETE")
20
+ expect(last_response['Access-Control-Allow-Origin']).to eql("*")
21
+ expect(last_response['Access-Control-Allow-Methods']).to eql("OPTIONS, HEAD, GET, POST, PUT, PATCH, DELETE")
22
22
  expect(last_response.body).to eql("Hello world")
23
23
  end
24
24
 
25
25
  it 'strips everything when option' do
26
26
  header('Origin', "https://test.com")
27
27
  options '/'
28
- expect(last_response['Access-Control-Allow-Origin']). to eql("*")
29
- expect(last_response['Access-Control-Allow-Methods']). to eql("OPTIONS, HEAD, GET, POST, PUT, PATCH, DELETE")
28
+ expect(last_response['Access-Control-Allow-Origin']).to eql("*")
29
+ expect(last_response['Access-Control-Allow-Methods']).to eql("OPTIONS, HEAD, GET, POST, PUT, PATCH, DELETE")
30
30
  expect(last_response.status).to eql(204)
31
31
  expect(last_response.body).to eql("")
32
32
  end
33
33
  end
34
34
 
35
- context 'when used with the :bounce option' do
35
+ context 'when used with the :bounce option (boolean)' do
36
36
  def app
37
37
  Rack::Builder.new do
38
38
  use CorsHeaders, bounce: true
@@ -43,12 +43,62 @@ module Startback
43
43
  it 'sets the CORS Origin header to the caller' do
44
44
  header('Origin', "https://test.com")
45
45
  get '/'
46
- expect(last_response['Access-Control-Allow-Origin']). to eql("https://test.com")
47
- expect(last_response['Access-Control-Allow-Methods']). to eql("OPTIONS, HEAD, GET, POST, PUT, PATCH, DELETE")
46
+ expect(last_response['Access-Control-Allow-Origin']).to eql("https://test.com")
47
+ expect(last_response['Access-Control-Allow-Methods']).to eql("OPTIONS, HEAD, GET, POST, PUT, PATCH, DELETE")
48
48
  expect(last_response.body).to eql("Hello world")
49
49
  end
50
50
  end
51
51
 
52
+ context 'when used with the :bounce option (array)' do
53
+ def app
54
+ Rack::Builder.new do
55
+ use CorsHeaders, bounce: ['https://test.com', 'https://*.test.com']
56
+ run ->(env){ [200, {}, ["Hello world"]] }
57
+ end
58
+ end
59
+
60
+ it 'sets the CORS Origin header to the caller if match' do
61
+ header('Origin', "https://test.com")
62
+ get '/'
63
+ expect(last_response['Access-Control-Allow-Origin']).to eql("https://test.com")
64
+
65
+ header('Origin', "https://api.test.com")
66
+ get '/'
67
+ expect(last_response['Access-Control-Allow-Origin']).to eql("https://api.test.com")
68
+ end
69
+
70
+ it 'rejects otherwise' do
71
+ header('Origin', "https://nosuchone.com")
72
+ get '/'
73
+ expect(last_response['Access-Control-Allow-Origin']).to be_nil
74
+ end
75
+ end
76
+
77
+ context 'when used with the :bounce option (string)' do
78
+ def app
79
+ Rack::Builder.new do
80
+ use CorsHeaders, bounce: 'https://test.com,https://*.test.com'
81
+ run ->(env){ [200, {}, ["Hello world"]] }
82
+ end
83
+ end
84
+
85
+ it 'sets the CORS Origin header to the caller if match' do
86
+ header('Origin', "https://test.com")
87
+ get '/'
88
+ expect(last_response['Access-Control-Allow-Origin']).to eql("https://test.com")
89
+
90
+ header('Origin', "https://api.test.com")
91
+ get '/'
92
+ expect(last_response['Access-Control-Allow-Origin']).to eql("https://api.test.com")
93
+ end
94
+
95
+ it 'rejects otherwise' do
96
+ header('Origin', "https://nosuchone.com")
97
+ get '/'
98
+ expect(last_response['Access-Control-Allow-Origin']).to be_nil
99
+ end
100
+ end
101
+
52
102
  context 'when overriding a header' do
53
103
  def app
54
104
  Rack::Builder.new do
@@ -60,8 +110,8 @@ module Startback
60
110
  it 'sets the CORS Origin header to the caller' do
61
111
  header('Origin', "https://test.com")
62
112
  get '/'
63
- expect(last_response['Access-Control-Allow-Origin']). to eql("*")
64
- expect(last_response['Access-Control-Allow-Methods']). to eql("POST")
113
+ expect(last_response['Access-Control-Allow-Origin']).to eql("*")
114
+ expect(last_response['Access-Control-Allow-Methods']).to eql("POST")
65
115
  expect(last_response.body).to eql("Hello world")
66
116
  end
67
117
  end
@@ -77,8 +127,8 @@ module Startback
77
127
  it 'does not override them' do
78
128
  header('Origin', "https://test.com")
79
129
  get '/'
80
- expect(last_response['Access-Control-Allow-Origin']). to eql("*")
81
- expect(last_response['Access-Control-Allow-Methods']). to eql("POST")
130
+ expect(last_response['Access-Control-Allow-Origin']).to eql("*")
131
+ expect(last_response['Access-Control-Allow-Methods']).to eql("POST")
82
132
  expect(last_response.body).to eql("Hello world")
83
133
  end
84
134
  end
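Review bot: The two `rejects otherwise` examples only try `https://nosuchone.com`, an origin that shares nothing with the whitelist, so they would still pass if the compiled pattern were more permissive than intended. Add near-miss origins that must be rejected, for instance one where a dot of a whitelisted entry is replaced by another character (constructed example: `https://testXcom`) and one where the wildcard would have to span two labels (`https://a.b.test.com`), each asserting `be_nil`. A case for a request sent without an `Origin` header under a whitelist would also pin down the nil path of `do_bounce`.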
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: startback
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.14.4
4
+ version: 0.15.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Bernard Lambeau
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-06-15 00:00:00.000000000 Z
11
+ date: 2022-06-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rspec