Module: Sinatra::Cors::Helpers

Defined in:
lib/sinatra/cors.rb

Instance Method Summary

Instance Method Details

#allowed_methods ⇒ Object



# File 'lib/sinatra/cors.rb', line 72

# Lists the HTTP verbs of every configured route for which process_route
# invokes its block, without duplicates and in route-table order.
#
# process_route is defined outside this listing; presumably it yields only
# when the route matches the current request -- confirm against Sinatra.
#
# @return [Array] unique verbs taken from the keys of settings.routes
def allowed_methods
  verbs = settings.routes.flat_map do |verb, entries|
    entries.each_with_object([]) do |entry, hits|
      # entry[0] and entry[1] are handed to process_route unchanged; the
      # yielded values are not needed, only the fact that the block ran.
      process_route(entry[0], entry[1]) { |_application, _pattern| hits << verb }
    end
  end

  verbs.uniq
end

#cors ⇒ Object



# File 'lib/sinatra/cors.rb', line 6

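# Adds CORS response headers when the request carries an Origin header.
#
# A request is rejected (a warning is logged and no CORS header is written)
# when the origin check fails, or, for OPTIONS requests, when the requested
# method or requested headers are not allowed.
#
# Security notes:
# * Access-Control-Allow-Origin always echoes the request's Origin value,
#   including when settings.allow_origin is "*". Because the value depends on
#   the request, "Origin" is added to the Vary header so shared caches do not
#   reuse a response granted to one origin for another.
# * NOTE(review): with allow_origin "*" and allow_credentials enabled, every
#   origin receives a credentialed grant, since the origin is echoed rather
#   than sent as "*". Confirm that combination is never configured for
#   endpoints that rely on cookies or HTTP authentication.
#
# @return [String, nil] the Access-Control-Allow-Credentials value when that
#   header is written, otherwise nil
def cors
  return unless is_cors_request?

  unless origin_is_allowed?
    logger.warn bad_origin_message
    return
  end

  if is_preflight_request?
    unless method_is_allowed?
      logger.warn bad_method_message
      return
    end

    unless headers_are_allowed?
      logger.warn bad_headers_message
      return
    end

    # Both values are echoed from the request after the checks above passed.
    response.headers["Access-Control-Allow-Headers"] = request_headers if request_headers
    response.headers["Access-Control-Allow-Methods"] = request_method
    response.headers["Access-Control-Max-Age"] = settings.max_age if settings.max_age?
  else
    response.headers["Access-Control-Expose-Headers"] = settings.expose_headers if settings.expose_headers?
  end

  response.headers["Access-Control-Allow-Origin"] = request.env["HTTP_ORIGIN"]

  # The header above is request-dependent, so tell caches to key on Origin.
  # An existing Vary value is extended, not replaced; "*" already covers it.
  vary_fields = response.headers["Vary"].to_s.strip.split(/\s*,\s*/).reject(&:empty?)
  unless vary_fields.any? { |field| field == "*" || field.casecmp?("Origin") }
    vary_fields << "Origin"
    response.headers["Vary"] = vary_fields.join(", ")
  end

  response.headers["Access-Control-Allow-Credentials"] = settings.allow_credentials.to_s if settings.allow_credentials?
end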

#headers_are_allowed? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/sinatra/cors.rb', line 51

# Checks that every header named in Access-Control-Request-Headers is listed
# in settings.allow_headers. Both lists are comma-separated and compared
# case-insensitively; a request without that header counts as allowed.
#
# @return [Boolean] true when no requested header falls outside the allow list
def headers_are_allowed?
  separator = /\s*,\s*/
  configured = settings.allow_headers
  requested = request.env["HTTP_ACCESS_CONTROL_REQUEST_HEADERS"] || ""

  wanted = requested.downcase.split(separator)
  permitted = configured.downcase.split(separator)
  wanted.all? { |name| permitted.include?(name) }
end

#is_cors_request? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/sinatra/cors.rb', line 36

# Treats a request as a CORS request when its Rack environment contains an
# Origin header, whatever the header's value.
#
# @return [Boolean]
def is_cors_request?
  rack_env = request.env
  rack_env.key?("HTTP_ORIGIN")
end

#is_preflight_request? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/sinatra/cors.rb', line 40

# Treats any OPTIONS request as a preflight.
#
# NOTE(review): only the verb is inspected here; the presence of
# Access-Control-Request-Method is not part of this check.
#
# @return [Boolean]
def is_preflight_request?
  verb = request.env["REQUEST_METHOD"]
  verb == "OPTIONS"
end

#method_is_allowed? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/sinatra/cors.rb', line 44

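# Checks the method named in Access-Control-Request-Method against the
# intersection of settings.allow_methods and the response's Allow header.
# Both lists are comma-separated and compared case-insensitively.
#
# Fails closed: an OPTIONS request that omits Access-Control-Request-Method,
# or a response without an Allow header, is reported as not allowed instead
# of raising NoMethodError on nil, which would surface as a server error for
# a request any client can send.
#
# @return [Boolean] true only when the requested method is in both lists
def method_is_allowed?
  requested = request.env["HTTP_ACCESS_CONTROL_REQUEST_METHOD"]
  route_allow = response.headers["Allow"]
  return false if requested.nil? || route_allow.nil?

  separator = /\s*,\s*/
  permitted =
    settings.allow_methods.upcase.split(separator) &
    route_allow.upcase.split(separator)
  permitted.include?(requested.upcase)
end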

#origin_is_allowed? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/sinatra/cors.rb', line 57

# Decides whether the request's Origin header is accepted by
# settings.allow_origin, which may be "*", a whitespace-separated String,
# a Regexp, or an Array mixing Strings and Regexps.
#
# Matching rules, as implemented:
# * "*" accepts every origin.
# * String entries are lower-cased and split on whitespace, then compared
#   for exact equality with the Origin value. The Origin value itself is not
#   lower-cased, so the comparison is effectively against lower-case origins.
# * Regexp entries are tested with match?, which succeeds on a match
#   anywhere in the value. A pattern that is not anchored with \A and \z
#   (for example one that only names the trusted host) also accepts longer
#   origins that merely contain that text, so configured patterns should be
#   fully anchored and escape literal dots.
#
# @return [Boolean]
def origin_is_allowed?
  request_origin = request.env["HTTP_ORIGIN"]
  configured = settings.allow_origin
  return true if configured == "*"

  candidates = [configured].flatten.flat_map do |entry|
    entry.is_a?(String) ? entry.downcase.split : entry
  end

  candidates.any? do |entry|
    entry.is_a?(Regexp) ? entry.match?(request_origin) : entry.eql?(request_origin)
  end
end

#request_headers ⇒ Object



# File 'lib/sinatra/cors.rb', line 85

# Reads the raw Access-Control-Request-Headers value from the Rack
# environment. The value is client-supplied and returned unmodified.
#
# @return [Object, nil] the header value, or nil when the header is absent
def request_headers
  rack_env = request.env
  rack_env["HTTP_ACCESS_CONTROL_REQUEST_HEADERS"]
end

#request_method ⇒ Object



# File 'lib/sinatra/cors.rb', line 89

# Reads the raw Access-Control-Request-Method value from the Rack
# environment. The value is client-supplied and returned unmodified.
#
# @return [Object, nil] the header value, or nil when the header is absent
def request_method
  rack_env = request.env
  rack_env["HTTP_ACCESS_CONTROL_REQUEST_METHOD"]
end