Class: Spokes::Middleware::CORS

Inherits:
Object
Defined in:
lib/spokes/middleware/cors.rb

Overview

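Provides CORS HTTP access control. Every request that carries an Origin header receives CORS response headers that echo that origin in Access-Control-Allow-Origin together with Access-Control-Allow-Credentials: true. An OPTIONS request with an Origin header is treated as a preflight and answered directly with a stub 200, without reaching the application.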

Usage:

class Application < Rails::Application
  config.middleware.use Spokes::Middleware::CORS
end

Example response:

$ curl -v -L http://localhost:3000/ -H "Origin: http://elsewhere" -X OPTIONS
> OPTIONS / HTTP/1.1
> User-Agent: curl/7.37.1
> Host: localhost:3000
> Accept: */*
> Origin: http://elsewhere
>
< HTTP/1.1 200 OK
< Access-Control-Allow-Origin: http://elsewhere
< Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
< Access-Control-Allow-Headers: *, Content-Type, Accept, AUTHORIZATION, Cache-Control
< Access-Control-Allow-Credentials: true
< Access-Control-Max-Age: 1728000
< Access-Control-Expose-Headers: Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma
< Cache-Control: no-cache
< X-Request-Id: 1d388184-5dd6-4150-bf47-1729f33794ec
< X-Runtime: 0.001269
< Transfer-Encoding: chunked

Constant Summary

ALLOW_METHODS = %w[GET POST PUT PATCH DELETE OPTIONS].freeze
ALLOW_HEADERS = %w[* Content-Type Accept AUTHORIZATION Cache-Control].freeze
EXPOSE_HEADERS = %w[Cache-Control Content-Language Content-Type Expires Last-Modified Pragma].freeze

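Instance Method Summary

  • #call(env) ⇒ Object
  • #cors_headers(env) ⇒ Object
  • #cors_request?(env) ⇒ Boolean
  • #initialize(app) ⇒ CORS (constructor)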

Constructor Details

#initialize(app) ⇒ CORS

Returns a new instance of CORS.



# File 'lib/spokes/middleware/cors.rb', line 40

def initialize(app)
  @app = app
end

Instance Method Details

#call(env) ⇒ Object



# File 'lib/spokes/middleware/cors.rb', line 44

def call(env)
  # preflight request: render a stub 200 with the CORS headers
  if cors_request?(env) && env['REQUEST_METHOD'] == 'OPTIONS'
    [200, cors_headers(env), ['']]
  else
    status, headers, response = @app.call(env)
    headers.merge!(cors_headers(env)) if cors_request?(env)
    [status, headers, response]
  end
end

#cors_headers(env) ⇒ Object



# File 'lib/spokes/middleware/cors.rb', line 59

def cors_headers(env)
  {
    'Access-Control-Allow-Origin'      => env['HTTP_ORIGIN'],
    'Access-Control-Allow-Methods'     => ALLOW_METHODS.join(', '),
    'Access-Control-Allow-Headers'     => ALLOW_HEADERS.join(', '),
    'Access-Control-Allow-Credentials' => 'true',
    'Access-Control-Max-Age'           => '1728000',
    'Access-Control-Expose-Headers'    => EXPOSE_HEADERS.join(', ')
  }
end

#cors_request?(env) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/spokes/middleware/cors.rb', line 55

def cors_request?(env)
  env.key?('HTTP_ORIGIN')
end
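
Because #cors_headers echoes whatever Origin the client sent and always adds Access-Control-Allow-Credentials: true, every origin is trusted to read credentialed responses. The following is an added example, not part of Spokes: a variant with the same shape that echoes the origin only on an exact allowlist match and sets Vary: Origin. The class name AllowlistCORS, the origins: option and the origin https://app.example.test are assumptions made for illustration.

```ruby
# Added example, not Spokes code: class name and origins: option are hypothetical.
class AllowlistCORS
  ALLOW_METHODS = %w[GET POST PUT PATCH DELETE OPTIONS].freeze
  # '*' is left out: on credentialed requests browsers treat it as a literal
  # header name rather than a wildcard.
  ALLOW_HEADERS = %w[Content-Type Accept Authorization Cache-Control].freeze

  def initialize(app, origins:)
    @app = app
    @origins = origins.map { |o| o.downcase.chomp('/') }.freeze
  end

  def call(env)
    origin = env['HTTP_ORIGIN']
    cors = allowed_origin?(origin) ? cors_headers(origin) : {}
    # Preflight from a listed origin: stub 200, as the original middleware does.
    return [200, with_vary(cors), ['']] if cors.any? && env['REQUEST_METHOD'] == 'OPTIONS'

    # Everything else reaches the app; unlisted origins get no CORS headers,
    # so the browser refuses to expose the response to the calling page.
    status, headers, body = @app.call(env)
    [status, with_vary(headers.merge(cors)), body]
  end

  # Exact comparison only: no prefix, suffix or regex tests, and the literal
  # "null" origin is refused unless it is listed on purpose.
  def allowed_origin?(origin)
    !origin.nil? && @origins.include?(origin.downcase)
  end

  def cors_headers(origin)
    {
      'Access-Control-Allow-Origin'      => origin,
      'Access-Control-Allow-Methods'     => ALLOW_METHODS.join(', '),
      'Access-Control-Allow-Headers'     => ALLOW_HEADERS.join(', '),
      'Access-Control-Allow-Credentials' => 'true',
      'Access-Control-Max-Age'           => '1728000'
    }
  end

  # The response now depends on Origin, so caches must key on it.
  def with_vary(headers)
    headers.merge('Vary' => [headers['Vary'], 'Origin'].compact.join(', '))
  end
end

# Constructed demo: stub downstream app and one trusted origin.
DEMO_APP = ->(_env) { [200, { 'Content-Type' => 'text/plain' }, ['ok']] }
DEMO = AllowlistCORS.new(DEMO_APP, origins: ['https://app.example.test'])
```

Calling DEMO with the http://elsewhere origin from the curl example above returns the application's response with Vary: Origin and no Access-Control-* headers.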