Class: Rack::Authenticate::CORSMiddleware

Inherits:

Object

• Object
• Rack::Authenticate::CORSMiddleware

Defined in:

lib/rack/authenticate/cors_middleware.rb

Constant Summary

ACCESS_CONTROL_MAX_AGE =

48 hours

60 * 60 * 48

Instance Method Summary

• #call(env) ⇒ Object
• #cors_allowances(env) ⇒ Object
• #cors_preflight_request?(env) ⇒ Boolean
• #initialize(app) ⇒ CORSMiddleware constructor

  A new instance of CORSMiddleware.

Constructor Details

#initialize(app) ⇒ CORSMiddleware

Returns a new instance of CORSMiddleware.

# File 'lib/rack/authenticate/cors_middleware.rb', line 6

def initialize(app)
  @app = app
end

Instance Method Details

#call(env) ⇒ Object

# File 'lib/rack/authenticate/cors_middleware.rb', line 10

def call(env)
  status, headers, body = if cors_preflight_request?(env)
    cors_allowances(env)
  else
    @app.call(env)
  end

  if env.has_key?('HTTP_ORIGIN')
    headers['Access-Control-Allow-Origin'] = env['HTTP_ORIGIN']
    headers['Access-Control-Allow-Credentials'] = 'true'
  end

  [status, headers, body]
end

#cors_allowances(env) ⇒ Object

# File 'lib/rack/authenticate/cors_middleware.rb', line 30

def cors_allowances(env)
  headers = {
    'Access-Control-Allow-Origin'      => env['HTTP_ORIGIN'],
    'Access-Control-Allow-Methods'     => env['HTTP_ACCESS_CONTROL_REQUEST_METHOD'],
    'Access-Control-Allow-Credentials' => 'true',
    'Access-Control-Max-Age'           => ACCESS_CONTROL_MAX_AGE.to_s,
    'Content-Type'                     => 'text/plain'
  }

  if env.has_key?('HTTP_ACCESS_CONTROL_REQUEST_HEADERS')
    headers['Access-Control-Allow-Headers'] = env['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']
  end

  [200, headers, []]
end

#cors_preflight_request?(env) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/rack/authenticate/cors_middleware.rb', line 25

def cors_preflight_request?(env)
  env['REQUEST_METHOD'] == 'OPTIONS' &&
  %w[ HTTP_ACCESS_CONTROL_REQUEST_METHOD HTTP_ORIGIN ].all? { |k| env.has_key?(k) }
end