Class: Rack::Cors
- Inherits:
-
Object
- Object
- Rack::Cors
- Defined in:
- lib/rack/cors.rb,
lib/rack/cors/result.rb,
lib/rack/cors/version.rb,
lib/rack/cors/resource.rb,
lib/rack/cors/resources.rb,
lib/rack/cors/resources/cors_misconfiguration_error.rb
Defined Under Namespace
Classes: Resource, Resources, Result
Constant Summary collapse
- HTTP_ORIGIN =
'HTTP_ORIGIN'- HTTP_X_ORIGIN =
'HTTP_X_ORIGIN'- HTTP_ACCESS_CONTROL_REQUEST_METHOD =
'HTTP_ACCESS_CONTROL_REQUEST_METHOD'- HTTP_ACCESS_CONTROL_REQUEST_HEADERS =
'HTTP_ACCESS_CONTROL_REQUEST_HEADERS'- PATH_INFO =
'PATH_INFO'- REQUEST_METHOD =
'REQUEST_METHOD'- RACK_LOGGER =
'rack.logger'- RACK_CORS =
ENV_KEY = 'rack.cors'
- OPTIONS =
'OPTIONS'- DEFAULT_VARY_HEADERS =
['Origin'].freeze
- VERSION =
'2.0.2'
Instance Method Summary collapse
- #allow(&block) ⇒ Object
- #call(env) ⇒ Object
- #debug? ⇒ Boolean
-
#initialize(app, opts = {}, &block) ⇒ Cors
constructor
A new instance of Cors.
Constructor Details
#initialize(app, opts = {}, &block) ⇒ Cors
Returns a new instance of Cors.
29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 |
# File 'lib/rack/cors.rb', line 29 def initialize(app, opts = {}, &block) @app = app @debug_mode = !!opts[:debug] @logger = @logger_proc = nil logger = opts[:logger] if logger if logger.respond_to? :call @logger_proc = opts[:logger] else @logger = logger end end return unless block_given? if block.arity == 1 block.call(self) else instance_eval(&block) end end |
Instance Method Details
#allow(&block) ⇒ Object
56 57 58 59 60 61 62 63 64 |
# File 'lib/rack/cors.rb', line 56 def allow(&block) all_resources << (resources = Resources.new) if block.arity == 1 block.call(resources) else resources.instance_eval(&block) end end |
#call(env) ⇒ Object
66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 |
# File 'lib/rack/cors.rb', line 66 def call(env) env[HTTP_ORIGIN] ||= env[HTTP_X_ORIGIN] if env[HTTP_X_ORIGIN] path = evaluate_path(env) add_headers = nil if env[HTTP_ORIGIN] debug(env) do ['Incoming Headers:', " Origin: #{env[HTTP_ORIGIN]}", " Path-Info: #{path}", " Access-Control-Request-Method: #{env[HTTP_ACCESS_CONTROL_REQUEST_METHOD]}", " Access-Control-Request-Headers: #{env[HTTP_ACCESS_CONTROL_REQUEST_HEADERS]}"].join("\n") end if env[REQUEST_METHOD] == OPTIONS && env[HTTP_ACCESS_CONTROL_REQUEST_METHOD] return [400, {}, []] unless Rack::Utils.valid_path?(path) headers = process_preflight(env, path) debug(env) do "Preflight Headers:\n" + headers.collect { |kv| " #{kv.join(': ')}" }.join("\n") end return [200, headers, []] else add_headers = process_cors(env, path) end else Result.miss(env, Result::MISS_NO_ORIGIN) end # This call must be done BEFORE calling the app because for some reason # env[PATH_INFO] gets changed after that and it won't match. (At least # in rails 4.1.6) vary_resource = resource_for_path(path) status, headers, body = @app.call env if add_headers headers = add_headers.merge(headers) debug(env) do add_headers.each_pair do |key, value| headers["x-rack-cors-original-#{key}"] = value if headers.key?(key) end end end # Vary header should ALWAYS mention Origin if there's ANY chance for the # response to be different depending on the Origin header value. # Better explained here: http://www.fastly.com/blog/best-practices-for-using-the-vary-header/ if vary_resource vary = headers['vary'] cors_vary_headers = if vary_resource.vary_headers&.any? vary_resource.vary_headers else DEFAULT_VARY_HEADERS end headers['vary'] = ((vary ? [vary].flatten.map { |v| v.split(/,\s*/) }.flatten : []) + cors_vary_headers).uniq.join(', ') end result = env[ENV_KEY] result.append_header(headers) if debug? && result [status, headers, body] end |
#debug? ⇒ Boolean
52 53 54 |
# File 'lib/rack/cors.rb', line 52 def debug? @debug_mode end |