vidibus-xss 0.1.7 → 0.1.8

data/VERSION

@@ -1 +1 @@
-0.1.7
+0.1.8

data/lib/vidibus/xss/extensions/controller.rb

@@ -20,6 +20,19 @@ module Vidibus
         
         protected
         
+        # Returns true if requesting client is in list of xss clients.
+        def xss_client?
+          @is_xss_client ||= !!xss_client
+        end
+  
+        # Returns requesting client if it is in list of xss clients.
+        def xss_client
+          @xss_client ||= begin
+            return unless origin = request.headers["Origin"]
+            xss_clients.detect { |c| c == origin }
+          end
+        end
+        
         # Returns layout for current request format.
         def get_layout(format = nil)
           (xss_request? or format == :xss) ? 'xss.haml' : 'application'
@@ -73,7 +86,7 @@ module Vidibus
         # Set access control headers to allow cross-domain XMLHttpRequest calls.
         # For more information, see: https://developer.mozilla.org/En/HTTP_access_control
         def xss_access_control_headers
-          headers["Access-Control-Allow-Origin"] = xss_clients.join(",")
+          headers["Access-Control-Allow-Origin"] = xss_client if xss_client
           headers["Access-Control-Allow-Methods"] = "GET,PUT,POST,OPTIONS"
           headers["Access-Control-Allow-Headers"] = "Content-Type,Depth,User-Agent,X-File-Size,X-Requested-With,If-Modified-Since,X-File-Name,Cache-Control"
           headers["Access-Control-Allow-Credentials"] = "true"
@@ -296,7 +309,7 @@ module Vidibus
 
             render_xss(xss)
           else
-            if xss_clients.include?(request.headers["Origin"])
+            if xss_client?
               xss_access_control_headers
             end
             super(*args, &block)

data/public/javascripts/vidibus.xss.js

@@ -316,7 +316,6 @@ $(function($) {
             type: method.toUpperCase(),
             beforeSend: function(xhr) {
               el.trigger('ajax:loading', xhr);
-              xhr.withCredentials = "true";
             },
             success: function(data, status, xhr) {
               el.trigger('ajax:success', [data, status, xhr]);
@@ -333,17 +332,32 @@ $(function($) {
       }
     }
   });
+  
+  /**
+   * Extend xhr object to send credentials and force XMLHttpRequest.
+   */
+  extendXhr = function(xhr) {
+    xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");
+    try {
+      xhr.withCredentials = "true";
+    } catch(e) {
+      alert('Cannot set xhr with credentials:\n'+e)
+    }
+  };
+  
+  /**
+   * Extends xhr on beforeSend by binding to Rails' ajax:loading event.
+   */
+  $("body").bind('ajax:loading', function(e, xhr) {
+    extendXhr(xhr);
+  });
+  
+  /**
+   * Try to send xhr request withCredentials.
+   * Unfortunately, this has to be set after the connection has been opened.
+   * If you set a beforeSend handler yourself, you have to set withCredentials by yourself.
+   */
+  $.ajaxSettings.beforeSend = function(xhr) {
+    extendXhr(xhr);
+  };
 });
-
-/**
- * Try to send xhr request withCredentials.
- * Unfortunately, this has to be set after the connection has been opened.
- * If you set a beforeSend handler yourself, you have to set withCredentials by yourself.
- */
-$.ajaxSettings.beforeSend = function(xhr) {
-  try {
-    xhr.withCredentials = "true";
-  } catch(e) {
-    alert('Cannot set xhr with credentials:\n'+e)
-  }
-};

data/vidibus-xss.gemspec

@@ -5,7 +5,7 @@
 
 Gem::Specification.new do |s|
   s.name = %q{vidibus-xss}
-  s.version = "0.1.7"
+  s.version = "0.1.8"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Andre Pankratz"]

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: vidibus-xss
 version: !ruby/object:Gem::Version 
-  hash: 21
+  hash: 11
   prerelease: false
   segments: 
   - 0
   - 1
-  - 7
-  version: 0.1.7
+  - 8
+  version: 0.1.8
 platform: ruby
 authors: 
 - Andre Pankratz