Module: Excursion::CORS

Defined in:

lib/excursion/cors.rb

Class Method Summary

• .included(base) ⇒ Object

Instance Method Summary

• #cors_blacklisted?(origin) ⇒ Boolean
• #cors_headers ⇒ Object
• #cors_match?(origin, host) ⇒ Boolean
• #cors_preflight ⇒ Object
• #cors_whitelisted?(origin) ⇒ Boolean

Class Method Details

.included(base) ⇒ Object

# File 'lib/excursion/cors.rb', line 3

def self.included(base)
  base.send :before_filter, :cors_headers if Excursion.configuration.enable_cors
end

Instance Method Details

#cors_blacklisted?(origin) ⇒ Boolean

# File 'lib/excursion/cors.rb', line 16

def cors_blacklisted?(origin)
  !Excursion.configuration.cors_blacklist.nil? && !Excursion.configuration.cors_blacklist.any? { |cb| cors_match? origin, cb }
end

#cors_headers ⇒ Object

# File 'lib/excursion/cors.rb', line 20

def cors_headers
  origin = request.headers['Origin'] || request.headers['HTTP_ORIGIN']
  if !origin.nil? && cors_whitelisted?(origin) && !cors_blacklisted?(origin)
    headers['Access-Control-Allow-Origin'] = request.headers['Origin']
    headers['Access-Control-Allow-Methods'] = Excursion.configuration.cors_allow_methods.join(',')
    headers['Access-Control-Allow-Headers'] = Excursion.configuration.cors_allow_headers.join(', ')
    headers['Access-Control-Allow-Credentials'] = Excursion.configuration.cors_allow_credentials.to_s
    headers['Access-Control-Max-Age'] = Excursion.configuration.cors_max_age.to_s
  end
end

#cors_match?(origin, host) ⇒ Boolean

# File 'lib/excursion/cors.rb', line 7

def cors_match?(origin, host)
  host.is_a?(Regexp) ? origin.match(host) : origin.downcase == host.downcase
end

#cors_preflight ⇒ Object

# File 'lib/excursion/cors.rb', line 31

def cors_preflight
  cors_headers
  render :text => '', :content_type => 'text/plain'
end

#cors_whitelisted?(origin) ⇒ Boolean

# File 'lib/excursion/cors.rb', line 11

def cors_whitelisted?(origin)
  return Excursion::Pool.all_applications.values.map { |app| app.default_url_options[:host] }.any? { |cw| cors_match? origin, cw } if Excursion.configuration.cors_whitelist == :pool
  Excursion.configuration.cors_whitelist.nil? || Excursion.configuration.cors_whitelist.any? { |cw| cors_match? origin, cw }
end