Class: Rack::Cors::Resource

Inherits:

Object

• Object
• Rack::Cors::Resource

Defined in:

lib/rack/cors/resource.rb,
lib/rack/cors/resources/cors_misconfiguration_error.rb

Defined Under Namespace

Classes: CorsMisconfigurationError

Constant Summary

CORS_SIMPLE_HEADERS =

All CORS routes need to accept CORS simple headers at all times https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers

%w[accept accept-language content-language content-type].freeze

Instance Attribute Summary

• #credentials ⇒ Object

  Returns the value of attribute credentials.

• #expose ⇒ Object

  Returns the value of attribute expose.

• #headers ⇒ Object

  Returns the value of attribute headers.

• #if_proc ⇒ Object

  Returns the value of attribute if_proc.

• #max_age ⇒ Object

  Returns the value of attribute max_age.

• #methods ⇒ Object

  Returns the value of attribute methods.

• #path ⇒ Object

  Returns the value of attribute path.

• #pattern ⇒ Object

  Returns the value of attribute pattern.

• #vary_headers ⇒ Object

  Returns the value of attribute vary_headers.

Instance Method Summary

• #initialize(public_resource, path, opts = {}) ⇒ Resource constructor

  A new instance of Resource.

• #match?(path, env) ⇒ Boolean
• #matches_path?(path) ⇒ Boolean
• #process_preflight(env, result) ⇒ Object
• #to_headers(env) ⇒ Object

Constructor Details

#initialize(public_resource, path, opts = {}) ⇒ Resource

Returns a new instance of Resource.

Raises:

• (CorsMisconfigurationError)

# File 'lib/rack/cors/resource.rb', line 12

def initialize(public_resource, path, opts = {})
  raise CorsMisconfigurationError if public_resource && opts[:credentials] == true

  self.path         = path
  self.credentials  = public_resource ? false : (opts[:credentials] == true)
  self.max_age      = opts[:max_age] || 7200
  self.pattern      = compile(path)
  self.if_proc      = opts[:if]
  self.vary_headers = opts[:vary] && [opts[:vary]].flatten
  @public_resource  = public_resource

  self.headers = case opts[:headers]
                 when :any then :any
                 when nil then nil
                 else
                   [opts[:headers]].flatten.collect(&:downcase)
                 end

  self.methods = case opts[:methods]
                 when :any then %i[get head post put patch delete options]
                 else
                   ensure_enum(opts[:methods]) || [:get]
                 end.map(&:to_s)

  self.expose = opts[:expose] ? [opts[:expose]].flatten : nil
end

Instance Attribute Details

#credentials ⇒ Object

Returns the value of attribute credentials.

# File 'lib/rack/cors/resource.rb', line 10

def credentials
  @credentials
end

#expose ⇒ Object

Returns the value of attribute expose.

# File 'lib/rack/cors/resource.rb', line 10

def expose
  @expose
end

#headers ⇒ Object

Returns the value of attribute headers.

# File 'lib/rack/cors/resource.rb', line 10

def headers
  @headers
end

#if_proc ⇒ Object

Returns the value of attribute if_proc.

# File 'lib/rack/cors/resource.rb', line 10

def if_proc
  @if_proc
end

#max_age ⇒ Object

Returns the value of attribute max_age.

# File 'lib/rack/cors/resource.rb', line 10

def max_age
  @max_age
end

#methods ⇒ Object

Returns the value of attribute methods.

# File 'lib/rack/cors/resource.rb', line 10

def methods
  @methods
end

#path ⇒ Object

Returns the value of attribute path.

# File 'lib/rack/cors/resource.rb', line 10

def path
  @path
end

#pattern ⇒ Object

Returns the value of attribute pattern.

# File 'lib/rack/cors/resource.rb', line 10

def pattern
  @pattern
end

#vary_headers ⇒ Object

Returns the value of attribute vary_headers.

# File 'lib/rack/cors/resource.rb', line 10

def vary_headers
  @vary_headers
end

Instance Method Details

#match?(path, env) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/rack/cors/resource.rb', line 43

def match?(path, env)
  matches_path?(path) && (if_proc.nil? || if_proc.call(env))
end

#matches_path?(path) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/rack/cors/resource.rb', line 39

def matches_path?(path)
  pattern =~ path
end

#process_preflight(env, result) ⇒ Object

# File 'lib/rack/cors/resource.rb', line 47

def process_preflight(env, result)
  headers = {}

  request_method = env[Rack::Cors::HTTP_ACCESS_CONTROL_REQUEST_METHOD]
  result.miss(Result::MISS_NO_METHOD) && (return headers) if request_method.nil?
  result.miss(Result::MISS_DENY_METHOD) && (return headers) unless methods.include?(request_method.downcase)

  request_headers = env[Rack::Cors::HTTP_ACCESS_CONTROL_REQUEST_HEADERS]
  result.miss(Result::MISS_DENY_HEADER) && (return headers) if request_headers && !allow_headers?(request_headers)

  result.hit = true
  headers.merge(to_preflight_headers(env))
end

#to_headers(env) ⇒ Object

# File 'lib/rack/cors/resource.rb', line 61

def to_headers(env)
  h = {
    'access-control-allow-origin' => origin_for_response_header(env[Rack::Cors::HTTP_ORIGIN]),
    'access-control-allow-methods' => methods.collect { |m| m.to_s.upcase }.join(', '),
    'access-control-expose-headers' => expose.nil? ? '' : expose.join(', '),
    'access-control-max-age' => max_age.to_s
  }
  h['access-control-allow-credentials'] = 'true' if credentials
  header_proc.call(h)
end