startback 0.14.4 → 0.15.2

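--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: c5c3f249ec6472efb11b54a4f986e821a5cac786289cf8e6b6030ecfee74ed5d
- data.tar.gz: 4e5c9cbe214c1406dbcf540fb956265646408a5c5617b056969f43b9d0ac384b
+ metadata.gz: b8e08eed55633b64b47f2307a4264023f3232f67cae42170528e6791801bc58f
+ data.tar.gz: ea734a5d5fb6ae5f2259e66f2d90716136ec932f177309e5739b5f4c9bd720c0
  SHA512:
- metadata.gz: 34394cd84378932d4c8355364fbff7d19b7c7d78c3002f039952813ebf0b74e55edf7ad080838362f5e2827846f6bbfd3f35d2ab8dc0d5b4cd708da02d50a932
- data.tar.gz: ba61cc3907b2b14dd8ee0abc8ea2d70772b841dadc6c9e71338c1bec6074f929543430607392ea85c851ff7ec74b089286b8307845f0fc9ad31b1d65e3b6299c
+ metadata.gz: 7f43df37c925b1e8c8747c3670cd6c8bbc4389d0c6a75e4494318e2073585793cb91e901426ee7ab05ccbbcb19f56bf67e8c6aca7a750f60e116a5ce1db6de41
+ data.tar.gz: cdca0ff90178824867fe2c9218b2eecbecbc0c6a440588a774a22ab6341a959c6a0e747c711212792ddfeb6697bfdbf8c0067d0aa3e04df84fe779931b84edb4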
@@ -1,8 +1,8 @@
1
1
  module Startback
2
2
  module Version
3
3
  MAJOR = 0
4
- MINOR = 14
5
- TINY = 4
4
+ MINOR = 15
5
+ TINY = 2
6
6
  end
7
7
  VERSION = "#{Version::MAJOR}.#{Version::MINOR}.#{Version::TINY}"
8
8
  end
@@ -14,6 +14,12 @@ module Startback
14
14
  # # as Access-Control-Allow-Origin response header
15
15
  # use CorsHeaders, bounce: true
16
16
  #
17
+ # # Force a bouncing of the origin, but only for whitelisted candidates
18
+ # use CorsHeaders, bounce: ['https://*.test.com', 'https://*.test.devel']
19
+ #
20
+ # # The option above also works with a comma-separated string
21
+ # use CorsHeaders, bounce: 'https://*.test.com,https://*.test.devel'
22
+ #
17
23
  # # Overrides a specific header
18
24
  # use CorsHeaders, headers: { 'Access-Control-Allow-Methods' => 'POST' }
19
25
  #
@@ -47,6 +53,7 @@ module Startback
47
53
  def initialize(app, options = {})
48
54
  @app = app
49
55
  @options = Startback::Support.deep_merge(DEFAULT_OPTIONS, options)
56
+ @options[:bounce] = compile_bounce!(@options[:bounce])
50
57
  end
51
58
 
52
59
  def call(env)
@@ -65,14 +72,46 @@ module Startback
65
72
 
66
73
  def cors_headers(origin)
67
74
  headers = @options[:headers].dup
68
- if bounce?
69
- headers['Access-Control-Allow-Origin'] = origin
75
+ if bounce = do_bounce(origin)
76
+ headers['Access-Control-Allow-Origin'] = bounce
77
+ else
78
+ headers.delete('Access-Control-Allow-Origin')
70
79
  end
71
80
  headers
72
81
  end
73
82
 
74
- def bounce?
75
- @options[:bounce]
83
+ def compile_bounce!(bounce)
84
+ case bounce
85
+ when TrueClass
86
+ true
87
+ when FalseClass, NilClass
88
+ nil
89
+ when Regexp
90
+ bounce
91
+ when String
92
+ rx_str = bounce
93
+ .split(',')
94
+ .map{|b| b.gsub(/\*/, '[^.]+') }
95
+ .join('|')
96
+ Regexp.new("^(#{rx_str})$")
97
+ when Array
98
+ compile_bounce!(bounce.join(','))
99
+ else
100
+ nil
101
+ end
102
+ end
103
+
104
+ def do_bounce(origin)
105
+ case bounce = @options[:bounce]
106
+ when NilClass
107
+ @options[:headers]['Access-Control-Allow-Origin']
108
+ when TrueClass
109
+ origin
110
+ when Regexp
111
+ bounce =~ origin ? origin : nil
112
+ else
113
+ nil
114
+ end
76
115
  end
77
116
 
78
117
  end # class AllowCors
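Review bot: In `compile_bounce!`, the String branch rewrites only `*` and leaves every other character of a whitelist entry as live regex syntax, so the `.` in `https://*.test.com` matches any character and the compiled pattern accepts origins outside the intended domain (a host with something other than a dot before `test`). Escape each entry before expanding the wildcard, and anchor on the whole string rather than per line: `.map{|b| Regexp.escape(b).gsub('\*', '[^.]+') }` and `Regexp.new("\\A(?:#{rx_str})\\z")`. A caller-supplied Regexp is used as-is by `do_bounce`, so the usage comment should state that the caller must anchor it. Since `cors_headers` now varies `Access-Control-Allow-Origin` by request origin, check that the response also carries `Vary: Origin`; `call` is outside the visible hunks, so this may already be handled.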
@@ -40,6 +40,7 @@ module Startback
40
40
  def body_for(ex)
41
41
  ex = ex.root_cause if ex.is_a?(Finitio::TypeError)
42
42
  body = { code: ex.class.name, description: ex.message }
43
+ body[:location] = ex.location if ex.is_a?(Finitio::TypeError)
43
44
  return body unless ex.is_a?(Startback::Errors::Error)
44
45
  return body unless ex.has_causes?
45
46
 
@@ -17,22 +17,22 @@ module Startback
17
17
  it 'sets the CORS headers to default values' do
18
18
  header('Origin', "https://test.com")
19
19
  get '/'
20
- expect(last_response['Access-Control-Allow-Origin']). to eql("*")
21
- expect(last_response['Access-Control-Allow-Methods']). to eql("OPTIONS, HEAD, GET, POST, PUT, PATCH, DELETE")
20
+ expect(last_response['Access-Control-Allow-Origin']).to eql("*")
21
+ expect(last_response['Access-Control-Allow-Methods']).to eql("OPTIONS, HEAD, GET, POST, PUT, PATCH, DELETE")
22
22
  expect(last_response.body).to eql("Hello world")
23
23
  end
24
24
 
25
25
  it 'strips everything when option' do
26
26
  header('Origin', "https://test.com")
27
27
  options '/'
28
- expect(last_response['Access-Control-Allow-Origin']). to eql("*")
29
- expect(last_response['Access-Control-Allow-Methods']). to eql("OPTIONS, HEAD, GET, POST, PUT, PATCH, DELETE")
28
+ expect(last_response['Access-Control-Allow-Origin']).to eql("*")
29
+ expect(last_response['Access-Control-Allow-Methods']).to eql("OPTIONS, HEAD, GET, POST, PUT, PATCH, DELETE")
30
30
  expect(last_response.status).to eql(204)
31
31
  expect(last_response.body).to eql("")
32
32
  end
33
33
  end
34
34
 
35
- context 'when used with the :bounce option' do
35
+ context 'when used with the :bounce option (boolean)' do
36
36
  def app
37
37
  Rack::Builder.new do
38
38
  use CorsHeaders, bounce: true
@@ -43,12 +43,63 @@ module Startback
43
43
  it 'sets the CORS Origin header to the caller' do
44
44
  header('Origin', "https://test.com")
45
45
  get '/'
46
- expect(last_response['Access-Control-Allow-Origin']). to eql("https://test.com")
47
- expect(last_response['Access-Control-Allow-Methods']). to eql("OPTIONS, HEAD, GET, POST, PUT, PATCH, DELETE")
46
+ expect(last_response['Access-Control-Allow-Origin']).to eql("https://test.com")
47
+ expect(last_response['Access-Control-Allow-Methods']).to eql("OPTIONS, HEAD, GET, POST, PUT, PATCH, DELETE")
48
48
  expect(last_response.body).to eql("Hello world")
49
49
  end
50
50
  end
51
51
 
52
+ context 'when used with the :bounce option (array)' do
53
+ def app
54
+ Rack::Builder.new do
55
+ use CorsHeaders, bounce: ['https://test.com', 'https://*.test.com']
56
+ run ->(env){ [200, {}, ["Hello world"]] }
57
+ end
58
+ end
59
+
60
+ it 'sets the CORS Origin header to the caller if match' do
61
+ header('Origin', "https://test.com")
62
+ get '/'
63
+ expect(last_response['Access-Control-Allow-Origin']).to eql("https://test.com")
64
+
65
+ header('Origin', "https://api.test.com")
66
+ get '/'
67
+ expect(last_response['Access-Control-Allow-Origin']).to eql("https://api.test.com")
68
+ end
69
+
70
+ it 'rejects otherwise' do
71
+ header('Origin', "https://nosuchone.com")
72
+ get '/'
73
+ expect(last_response['Access-Control-Allow-Origin']).to be_nil
74
+ end
75
+ end
76
+
77
+ context 'when used with the :bounce option (string)' do
78
+ def app
79
+ Rack::Builder.new do
80
+ use CorsHeaders, bounce: 'https://test.com,https://*.test.com'
81
+ run ->(env){ [200, {}, ["Hello world"]] }
82
+ end
83
+ end
84
+
85
+ it 'sets the CORS Origin header to the caller if match' do
86
+ header('Origin', "https://test.com")
87
+ get '/'
88
+ expect(last_response['Access-Control-Allow-Origin']).to eql("https://test.com")
89
+
90
+ header('Origin', "https://api.test.com")
91
+ get '/'
92
+ expect(last_response['Access-Control-Allow-Origin']).to eql("https://api.test.com")
93
+ end
94
+
95
+ it 'rejects otherwise' do
96
+ header('Origin', "https://nosuchone.com")
97
+ get '/'
98
+ expect(last_response.headers.key?('Access-Control-Allow-Origin')).to eql(false)
99
+ expect(last_response['Access-Control-Allow-Origin']).to be_nil
100
+ end
101
+ end
102
+
52
103
  context 'when overriding a header' do
53
104
  def app
54
105
  Rack::Builder.new do
@@ -60,8 +111,8 @@ module Startback
60
111
  it 'sets the CORS Origin header to the caller' do
61
112
  header('Origin', "https://test.com")
62
113
  get '/'
63
- expect(last_response['Access-Control-Allow-Origin']). to eql("*")
64
- expect(last_response['Access-Control-Allow-Methods']). to eql("POST")
114
+ expect(last_response['Access-Control-Allow-Origin']).to eql("*")
115
+ expect(last_response['Access-Control-Allow-Methods']).to eql("POST")
65
116
  expect(last_response.body).to eql("Hello world")
66
117
  end
67
118
  end
@@ -77,8 +128,8 @@ module Startback
77
128
  it 'does not override them' do
78
129
  header('Origin', "https://test.com")
79
130
  get '/'
80
- expect(last_response['Access-Control-Allow-Origin']). to eql("*")
81
- expect(last_response['Access-Control-Allow-Methods']). to eql("POST")
131
+ expect(last_response['Access-Control-Allow-Origin']).to eql("*")
132
+ expect(last_response['Access-Control-Allow-Methods']).to eql("POST")
82
133
  expect(last_response.body).to eql("Hello world")
83
134
  end
84
135
  end
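Review bot: The two new 'rejects otherwise' examples send only `https://nosuchone.com`, which no plausible pattern would match, so they do not pin how the whitelist treats near-misses. Add a rejection case for an origin where the dot before `test.com` is replaced by another character, e.g. `header('Origin', "https://api-test.com")` followed by `expect(last_response.headers.key?('Access-Control-Allow-Origin')).to eql(false)`, and one for a multi-label subdomain if `*` is meant to cover a single label. The array context also asserts only `be_nil` while the string context additionally checks `headers.key?`; using the same two assertions in both keeps them comparable.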
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: startback
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.14.4
4
+ version: 0.15.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Bernard Lambeau
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-06-15 00:00:00.000000000 Z
11
+ date: 2022-08-03 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rspec
@@ -133,7 +133,7 @@ dependencies:
133
133
  version: '0.10'
134
134
  - - "<"
135
135
  - !ruby/object:Gem::Version
136
- version: '0.11'
136
+ version: '0.12'
137
137
  type: :runtime
138
138
  prerelease: false
139
139
  version_requirements: !ruby/object:Gem::Requirement
@@ -143,7 +143,7 @@ dependencies:
143
143
  version: '0.10'
144
144
  - - "<"
145
145
  - !ruby/object:Gem::Version
146
- version: '0.11'
146
+ version: '0.12'
147
147
  - !ruby/object:Gem::Dependency
148
148
  name: path
149
149
  requirement: !ruby/object:Gem::Requirement