Module: Excursion::CORS

Defined in:
lib/excursion/cors.rb


Class Method Details

.included(base) ⇒ Object



# File 'lib/excursion/cors.rb', line 3

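# Hook run when the module is mixed into a controller: registers
# +cors_headers+ as a before callback when CORS support is enabled.
#
# +before_filter+ was removed in Rails 5.1, so +before_action+ is used when
# the including class provides it, with +before_filter+ as the fallback for
# older Rails versions.
#
# The +enable_cors+ setting is read once, at include time. Changing it after
# the controller class has been loaded does not add or remove the callback.
#
# @param base [Class] the class including this module
# @return [Object] result of registering the callback, or nil when CORS is disabled
def self.included(base)
  return unless Excursion.configuration.enable_cors

  # Second argument `true` also finds a private macro, matching the original's use of #send.
  hook = base.respond_to?(:before_action, true) ? :before_action : :before_filter
  base.send hook, :cors_headers
end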

Instance Method Details

#cors_blacklisted?(origin) ⇒ Boolean



# File 'lib/excursion/cors.rb', line 16

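# Reports whether +origin+ matches an entry of the configured CORS blacklist.
#
# The +any?+ result must not be negated here. A negated form returns true for
# every origin that is absent from the blacklist (and for all origins when the
# list is empty), so the +!cors_blacklisted?+ check in #cors_headers would
# grant CORS headers only to the origins that were meant to be denied.
#
# @param origin [String] value of the request's Origin header
# @return [Boolean] true only when a blacklist is configured and an entry matches
def cors_blacklisted?(origin)
  blacklist = Excursion.configuration.cors_blacklist
  # No blacklist configured: nothing is denied.
  return false if blacklist.nil?

  blacklist.any? { |cb| cors_match? origin, cb }
end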

#cors_headers ⇒ Object



# File 'lib/excursion/cors.rb', line 20

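# Before callback: adds CORS response headers when the request's Origin passes
# the whitelist check and is not blacklisted.
#
# Security notes:
# - The Allow-Origin value is the same string that went through the
#   whitelist/blacklist checks, not a second read of the request header.
#   A second read can differ from the checked value, or be nil when only the
#   'HTTP_ORIGIN' lookup returned something.
# - cors_whitelisted? accepts every origin when +cors_whitelist+ is nil. If
#   +cors_allow_credentials+ is enabled as well, every requesting origin is
#   echoed back together with Allow-Credentials. Configure an explicit
#   whitelist before enabling credentials.
# - Because the response depends on the Origin request header, 'Origin' is
#   added to Vary so shared caches do not reuse a response across origins.
#
# @return [String, nil] the last header value assigned, or nil when no CORS
#   headers were added
def cors_headers
  # Merge rather than overwrite: another filter may already have set Vary.
  vary = headers['Vary'].to_s.split(',').map(&:strip).reject(&:empty?)
  unless vary.include?('*') || vary.any? { |field| field.downcase == 'origin' }
    headers['Vary'] = (vary + ['Origin']).join(', ')
  end

  origin = request.headers['Origin'] || request.headers['HTTP_ORIGIN']
  if !origin.nil? && cors_whitelisted?(origin) && !cors_blacklisted?(origin)
    config = Excursion.configuration
    # Echo exactly the value that was validated above.
    headers['Access-Control-Allow-Origin'] = origin
    headers['Access-Control-Allow-Methods'] = config.cors_allow_methods.join(',')
    headers['Access-Control-Allow-Headers'] = config.cors_allow_headers.join(', ')
    headers['Access-Control-Allow-Credentials'] = config.cors_allow_credentials.to_s
    headers['Access-Control-Max-Age'] = config.cors_max_age.to_s
  end
end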

#cors_match?(origin, host) ⇒ Boolean



# File 'lib/excursion/cors.rb', line 7

# Compares a request origin against one whitelist/blacklist entry.
#
# A Regexp entry is applied with String#match, so the result is a MatchData
# (truthy) or nil. Any other entry is compared for equality after both sides
# are downcased.
#
# Security note: a Regexp matches anywhere in the origin unless it is
# anchored. Anchor patterns with \A and \z and escape dots, otherwise a
# longer, unrelated origin that merely contains the expected text also passes.
#
# @param origin [String] value of the request's Origin header
# @param host [Regexp, String] list entry to test against
# @return [MatchData, Boolean, nil] truthy when the entry matches
def cors_match?(origin, host)
  return origin.match(host) if host.is_a?(Regexp)

  origin.downcase == host.downcase
end

#cors_whitelisted?(origin) ⇒ Boolean



# File 'lib/excursion/cors.rb', line 11

# Reports whether +origin+ is allowed by the configured CORS whitelist.
#
# Three configurations are handled:
# - +:pool+: the origin must match the +default_url_options[:host]+ of one of
#   the applications in Excursion::Pool.
# - +nil+: every origin is accepted. This is allow-all, so pair it with care
#   with +cors_allow_credentials+.
# - otherwise: the origin must match one entry of the configured list.
#
# NOTE(review): in +:pool+ mode the comparison is against a host value, while
# an Origin header normally has the form scheme://host[:port]. Confirm what
# +default_url_options[:host]+ holds. If it is a bare host name, string
# equality will not match a real Origin value.
#
# @param origin [String] value of the request's Origin header
# @return [Boolean]
def cors_whitelisted?(origin)
  whitelist = Excursion.configuration.cors_whitelist

  if whitelist == :pool
    pool_hosts = Excursion::Pool.all_applications.values.map { |app| app.default_url_options[:host] }
    return pool_hosts.any? { |cw| cors_match? origin, cw }
  end

  return true if whitelist.nil?

  whitelist.any? { |cw| cors_match? origin, cw }
end