Class: Rack::Cors
- Inherits:
-
Object
- Object
- Rack::Cors
- Defined in:
- lib/rack/cors.rb,
lib/rack/cors/result.rb,
lib/rack/cors/version.rb,
lib/rack/cors/resource.rb,
lib/rack/cors/resources.rb,
lib/rack/cors/resources/cors_misconfiguration_error.rb more...
Defined Under Namespace
Classes: Resource, Resources, Result
Constant Summary collapse
- HTTP_ORIGIN =
'HTTP_ORIGIN'- HTTP_X_ORIGIN =
'HTTP_X_ORIGIN'- HTTP_ACCESS_CONTROL_REQUEST_METHOD =
'HTTP_ACCESS_CONTROL_REQUEST_METHOD'- HTTP_ACCESS_CONTROL_REQUEST_HEADERS =
'HTTP_ACCESS_CONTROL_REQUEST_HEADERS'- PATH_INFO =
'PATH_INFO'- REQUEST_METHOD =
'REQUEST_METHOD'- RACK_LOGGER =
'rack.logger'- RACK_CORS =
ENV_KEY = 'rack.cors'
- OPTIONS =
'OPTIONS'- DEFAULT_VARY_HEADERS =
['Origin'].freeze
- VERSION =
'2.0.2'
Instance Method Summary collapse
- #allow(&block) ⇒ Object
- #call(env) ⇒ Object
- #debug? ⇒ Boolean
-
#initialize(app, opts = {}, &block) ⇒ Cors
constructor
A new instance of Cors.
Constructor Details
permalink #initialize(app, opts = {}, &block) ⇒ Cors
Returns a new instance of Cors.
29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 |
# File 'lib/rack/cors.rb', line 29 def initialize(app, opts = {}, &block) @app = app @debug_mode = !!opts[:debug] @logger = @logger_proc = nil logger = opts[:logger] if logger if logger.respond_to? :call @logger_proc = opts[:logger] else @logger = logger end end return unless block_given? if block.arity == 1 block.call(self) else instance_eval(&block) end end |
Instance Method Details
permalink #allow(&block) ⇒ Object
[View source]
56 57 58 59 60 61 62 63 64 |
# File 'lib/rack/cors.rb', line 56 def allow(&block) all_resources << (resources = Resources.new) if block.arity == 1 block.call(resources) else resources.instance_eval(&block) end end |
permalink #call(env) ⇒ Object
[View source]
66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 |
# File 'lib/rack/cors.rb', line 66 def call(env) env[HTTP_ORIGIN] ||= env[HTTP_X_ORIGIN] if env[HTTP_X_ORIGIN] path = evaluate_path(env) add_headers = nil if env[HTTP_ORIGIN] debug(env) do ['Incoming Headers:', " Origin: #{env[HTTP_ORIGIN]}", " Path-Info: #{path}", " Access-Control-Request-Method: #{env[HTTP_ACCESS_CONTROL_REQUEST_METHOD]}", " Access-Control-Request-Headers: #{env[HTTP_ACCESS_CONTROL_REQUEST_HEADERS]}"].join("\n") end if env[REQUEST_METHOD] == OPTIONS && env[HTTP_ACCESS_CONTROL_REQUEST_METHOD] return [400, {}, []] unless Rack::Utils.valid_path?(path) headers = process_preflight(env, path) debug(env) do "Preflight Headers:\n" + headers.collect { |kv| " #{kv.join(': ')}" }.join("\n") end return [200, headers, []] else add_headers = process_cors(env, path) end else Result.miss(env, Result::MISS_NO_ORIGIN) end # This call must be done BEFORE calling the app because for some reason # env[PATH_INFO] gets changed after that and it won't match. (At least # in rails 4.1.6) vary_resource = resource_for_path(path) status, headers, body = @app.call env if add_headers headers = add_headers.merge(headers) debug(env) do add_headers.each_pair do |key, value| headers["x-rack-cors-original-#{key}"] = value if headers.key?(key) end end end # Vary header should ALWAYS mention Origin if there's ANY chance for the # response to be different depending on the Origin header value. # Better explained here: http://www.fastly.com/blog/best-practices-for-using-the-vary-header/ if vary_resource vary = headers['vary'] cors_vary_headers = if vary_resource.vary_headers&.any? vary_resource.vary_headers else DEFAULT_VARY_HEADERS end headers['vary'] = ((vary ? [vary].flatten.map { |v| v.split(/,\s*/) }.flatten : []) + cors_vary_headers).uniq.join(', ') end result = env[ENV_KEY] result.append_header(headers) if debug? && result [status, headers, body] end |
permalink #debug? ⇒ Boolean
52 53 54 |
# File 'lib/rack/cors.rb', line 52 def debug? @debug_mode end |