Class: Spokes::Middleware::CORS
- Inherits:
-
Object
- Object
- Spokes::Middleware::CORS
- Defined in:
- lib/spokes/middleware/cors.rb
Overview
Provides CORS HTTP access control.
Usage:
class Application < Rails::Application
config.middleware.use Spokes::Middleware::CORS
end
Example response:
$ curl -v -L http://localhost:3000/ -H "Origin: http://elsewhere" -X OPTIONS
> OPTIONS / HTTP/1.1
> User-Agent: curl/7.37.1
> Host: localhost:3000
> Accept: */*
> Origin: http://elsewhere
>
< HTTP/1.1 200 OK
< Access-Control-Allow-Origin: http://elsewhere
< Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
< Access-Control-Allow-Headers: *, Content-Type, Accept, AUTHORIZATION, Cache-Control
< Access-Control-Allow-Credentials: true
< Access-Control-Max-Age: 1728000
< Access-Control-Expose-Headers: Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma
< Cache-Control: no-cache
< X-Request-Id: 1d388184-5dd6-4150-bf47-1729f33794ec
< X-Runtime: 0.001269
< Transfer-Encoding: chunked
Constant Summary collapse
- ALLOW_METHODS =
%w[GET POST PUT PATCH DELETE OPTIONS].freeze
- ALLOW_HEADERS =
%w[* Content-Type Accept AUTHORIZATION Cache-Control].freeze
- EXPOSE_HEADERS =
%w[Cache-Control Content-Language Content-Type Expires Last-Modified Pragma].freeze
Instance Method Summary collapse
- #call(env) ⇒ Object
- #cors_headers(env) ⇒ Object
- #cors_request?(env) ⇒ Boolean
-
#initialize(app) ⇒ CORS
constructor
A new instance of CORS.
Constructor Details
#initialize(app) ⇒ CORS
Returns a new instance of CORS.
40 41 42 |
# File 'lib/spokes/middleware/cors.rb', line 40 def initialize(app) @app = app end |
Instance Method Details
#call(env) ⇒ Object
44 45 46 47 48 49 50 51 52 53 |
# File 'lib/spokes/middleware/cors.rb', line 44 def call(env) # preflight request: render a stub 200 with the CORS headers if cors_request?(env) && env['REQUEST_METHOD'] == 'OPTIONS' [200, cors_headers(env), ['']] else status, headers, response = @app.call(env) headers.merge!(cors_headers(env)) if cors_request?(env) [status, headers, response] end end |
#cors_headers(env) ⇒ Object
59 60 61 62 63 64 65 66 67 68 |
# File 'lib/spokes/middleware/cors.rb', line 59 def cors_headers(env) { 'Access-Control-Allow-Origin' => env['HTTP_ORIGIN'], 'Access-Control-Allow-Methods' => ALLOW_METHODS.join(', '), 'Access-Control-Allow-Headers' => ALLOW_HEADERS.join(', '), 'Access-Control-Allow-Credentials' => 'true', 'Access-Control-Max-Age' => '1728000', 'Access-Control-Expose-Headers' => EXPOSE_HEADERS.join(', ') } end |
#cors_request?(env) ⇒ Boolean
55 56 57 |
# File 'lib/spokes/middleware/cors.rb', line 55 def cors_request?(env) env.key?('HTTP_ORIGIN') end |