Class: Rack::CorsGate

Inherits:
Object
  • Object
show all
Defined in:
lib/classes/cors_gate.rb

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(app, opts = {}, &forbidden_handler) ⇒ CorsGate

Returns a new instance of CorsGate.



5
6
7
8
9
10
11
12
 
# File 'lib/classes/cors_gate.rb', line 5

def initialize(app, opts = {}, &forbidden_handler)
  @app = app

  @simulation = opts[:simulation] || false
  @strict = opts[:strict] || false
  @allow_safe = opts[:allow_safe] || false
  @forbidden_handler = forbidden_handler
end

Class Method Details

.use(middleware, opts = {}, &forbidden_handler) ⇒ Object 



33
34
35
36
 
# File 'lib/classes/cors_gate.rb', line 33

def self.use(middleware, opts = {}, &forbidden_handler)
  middleware.insert_before Rack::Cors, Rack::CorsGateOriginProcessor, opts
  middleware.insert_after Rack::Cors, Rack::CorsGate, opts, &forbidden_handler
end

Instance Method Details

#call(env) ⇒ Object 



14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'lib/classes/cors_gate.rb', line 14

def call(env)
  origin = env['HTTP_X_ORIGIN'] || env['HTTP_ORIGIN']
  method = env['REQUEST_METHOD']

  if is_allowed(env, origin, method)
    # valid request
    @app.call(env)
  else
    # allow logging, etc
    @forbidden_handler.call(env, origin, method) if @forbidden_handler

    # if we're simulating, forbidden_handler will have been called, but we continue with app-execution
    return @app.call(env) if @simulation

    # 403 Forbidden
    [403, {}, []]
  end
end