Class: A2A::Server::Middleware::CorsMiddleware

Inherits:

Object

• Object
• A2A::Server::Middleware::CorsMiddleware

Defined in:

lib/a2a/server/middleware/cors_middleware.rb

Instance Attribute Summary

• #credentials ⇒ Object readonly

  Returns the value of attribute credentials.

• #headers ⇒ Object readonly

  Returns the value of attribute headers.

• #max_age ⇒ Object readonly

  Returns the value of attribute max_age.

• #methods ⇒ Object readonly

  Returns the value of attribute methods.

• #origins ⇒ Object readonly

  Returns the value of attribute origins.

Instance Method Summary

• #add_cors_headers(origin, context) ⇒ Object private

  Add CORS headers to response context.

• #call(_request, context) { ... } ⇒ Object

  Process CORS for a request.

• #cors_headers(origin) ⇒ Hash

  Get CORS headers for an origin.

• #handle_preflight(origin, context) ⇒ Hash private

  Handle preflight OPTIONS request.

• #initialize(origins: "*", methods: %w[POST OPTIONS],, headers: %w[Content-Type Authorization],, credentials: false, max_age: 86_400, expose_headers: []) ⇒ CorsMiddleware constructor

  Initialize CORS middleware.

• #normalize_origins(origins) ⇒ Array<String>, String private

  Normalize origins configuration.

• #origin_allowed?(origin) ⇒ Boolean

  Check if an origin is allowed.

• #preflight_headers(origin) ⇒ Hash

  Get preflight CORS headers.

Constructor Details

#initialize(origins: "*", methods: %w[POST OPTIONS],, headers: %w[Content-Type Authorization],, credentials: false, max_age: 86_400, expose_headers: []) ⇒ CorsMiddleware

Initialize CORS middleware

Parameters:

• (defaults to: "*")

  Allowed origins (* for all)

• (defaults to: %w[POST OPTIONS],)

  Allowed HTTP methods

• (defaults to: %w[Content-Type Authorization],)

  Allowed headers

• (defaults to: false)

  Whether to allow credentials

• (defaults to: 86_400)

  Preflight cache duration in seconds

• (defaults to: [])

  Headers to expose to client

# File 'lib/a2a/server/middleware/cors_middleware.rb', line 31

def initialize(origins: "*", methods: %w[POST OPTIONS],
               headers: %w[Content-Type Authorization],
               credentials: false, max_age: 86_400, expose_headers: [])
  @origins = normalize_origins(origins)
  @methods = Array(methods).map(&:upcase)
  @headers = Array(headers)
  @credentials = credentials
  @max_age = max_age
  @expose_headers = Array(expose_headers)
end

Instance Attribute Details

#credentials ⇒ Object (readonly)

Returns the value of attribute credentials.

# File 'lib/a2a/server/middleware/cors_middleware.rb', line 20

def credentials
  @credentials
end

#headers ⇒ Object (readonly)

Returns the value of attribute headers.

# File 'lib/a2a/server/middleware/cors_middleware.rb', line 20

def headers
  @headers
end

#max_age ⇒ Object (readonly)

Returns the value of attribute max_age.

# File 'lib/a2a/server/middleware/cors_middleware.rb', line 20

def max_age
  @max_age
end

#methods ⇒ Object (readonly)

Returns the value of attribute methods.

# File 'lib/a2a/server/middleware/cors_middleware.rb', line 20

def methods
  @methods
end

#origins ⇒ Object (readonly)

Returns the value of attribute origins.

# File 'lib/a2a/server/middleware/cors_middleware.rb', line 20

def origins
  @origins
end

Instance Method Details

#add_cors_headers(origin, context) ⇒ Object (private)

Add CORS headers to response context

Parameters:

• The request origin

• The request context

# File 'lib/a2a/server/middleware/cors_middleware.rb', line 163

def add_cors_headers(origin, context)
  cors_headers(origin).each do |key, value|
    context.set_metadata("response_header_#{key.downcase}", value)
  end
end

#call(_request, context) { ... } ⇒ Object

Process CORS for a request

Parameters:

• The JSON-RPC request

• The request context

Yields:

• Block to continue the middleware chain

Returns:

• The result from the next middleware or handler

# File 'lib/a2a/server/middleware/cors_middleware.rb', line 49

def call(_request, context)
  # Extract HTTP method and origin from context
  http_method = context.get_metadata(:http_method) || "POST"
  origin = context.get_metadata(:origin) || context.get_metadata("Origin")

  # Handle preflight requests
  return handle_preflight(origin, context) if http_method.casecmp("OPTIONS").zero?

  # Add CORS headers to the response
  add_cors_headers(origin, context)

  # Continue to next middleware
  yield
end

#cors_headers(origin) ⇒ Hash

Get CORS headers for an origin

Parameters:

• The request origin

Returns:

• CORS headers

# File 'lib/a2a/server/middleware/cors_middleware.rb', line 89

def cors_headers(origin)
  headers = {}

  if origin_allowed?(origin)
    headers["Access-Control-Allow-Origin"] = @origins == "*" ? "*" : origin

    headers["Access-Control-Allow-Credentials"] = "true" if @credentials

    headers["Access-Control-Expose-Headers"] = @expose_headers.join(", ") unless @expose_headers.empty?
  end

  headers
end

#handle_preflight(origin, context) ⇒ Hash (private)

Handle preflight OPTIONS request

Parameters:

• The request origin

• The request context

Returns:

• Preflight response

# File 'lib/a2a/server/middleware/cors_middleware.rb', line 144

def handle_preflight(origin, context)
  # Add preflight headers to context for response
  preflight_headers(origin).each do |key, value|
    context.set_metadata("response_header_#{key.downcase}", value)
  end

  # Return empty response for preflight
  {
    status: 200,
    headers: preflight_headers(origin),
    body: ""
  }
end

#normalize_origins(origins) ⇒ Array<String>, String (private)

Normalize origins configuration

Parameters:

• Origins configuration

Returns:

• Normalized origins

# File 'lib/a2a/server/middleware/cors_middleware.rb', line 127

def normalize_origins(origins)
  case origins
  when String
    origins == "*" ? "*" : [origins]
  when Array
    origins.include?("*") ? "*" : origins
  else
    ["*"]
  end
end

#origin_allowed?(origin) ⇒ Boolean

Check if an origin is allowed

Parameters:

• The origin to check

Returns:

• True if origin is allowed

# File 'lib/a2a/server/middleware/cors_middleware.rb', line 69

def origin_allowed?(origin)
  return true if @origins == "*"
  return false if origin.nil?

  @origins.any? do |allowed_origin|
    if allowed_origin.include?("*")
      # Handle wildcard patterns
      pattern = Regexp.escape(allowed_origin).gsub('\*', ".*")
      origin.match?(/\A#{pattern}\z/)
    else
      origin == allowed_origin
    end
  end
end

#preflight_headers(origin) ⇒ Hash

Get preflight CORS headers

Parameters:

• The request origin

Returns:

• Preflight CORS headers

# File 'lib/a2a/server/middleware/cors_middleware.rb', line 108

def preflight_headers(origin)
  headers = cors_headers(origin)

  if origin_allowed?(origin)
    headers["Access-Control-Allow-Methods"] = @methods.join(", ")
    headers["Access-Control-Allow-Headers"] = @headers.join(", ")
    headers["Access-Control-Max-Age"] = @max_age.to_s
  end

  headers
end