Class: Rack::Cors

Inherits:
Object
  • Object
show all
Defined in:
lib/rack/cors.rb,
lib/rack/cors/version.rb

Defined Under Namespace

Classes: Resource, Resources, Result

Constant Summary collapse

ENV_KEY = 
'rack.cors'.freeze
ORIGIN_HEADER_KEY = 
'HTTP_ORIGIN'.freeze
ORIGIN_X_HEADER_KEY = 
'HTTP_X_ORIGIN'.freeze
PATH_INFO_HEADER_KEY = 
'PATH_INFO'.freeze
VARY_HEADER_KEY = 
'Vary'.freeze
DEFAULT_VARY_HEADERS = 
['Origin'].freeze
VERSION = 
"0.4.0"

Instance Method Summary collapse

Constructor Details

#initialize(app, opts = {}, &block) ⇒ Cors

Returns a new instance of Cors.



13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
 
# File 'lib/rack/cors.rb', line 13

def initialize(app, opts={}, &block)
  @app = app
  @debug_mode = !!opts[:debug]

  if logger = opts[:logger]
    if logger.respond_to? :call
      @logger_proc = opts[:logger]
    else
      @logger = logger
    end
  end

  if block_given?
    if block.arity == 1
      block.call(self)
    else
      instance_eval(&block)
    end
  end
end

Instance Method Details

#allow(&block) ⇒ Object 



38
39
40
41
42
43
44
45
46
 
# File 'lib/rack/cors.rb', line 38

def allow(&block)
  all_resources << (resources = Resources.new)

  if block.arity == 1
    block.call(resources)
  else
    resources.instance_eval(&block)
  end
end

#call(env) ⇒ Object 



48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
 
# File 'lib/rack/cors.rb', line 48

def call(env)
  env[ORIGIN_HEADER_KEY] ||= env[ORIGIN_X_HEADER_KEY] if env[ORIGIN_X_HEADER_KEY]

  add_headers = nil
  if env[ORIGIN_HEADER_KEY]
    debug(env) do
      [ 'Incoming Headers:',
        "  Origin: #{env[ORIGIN_HEADER_KEY]}",
        "  Access-Control-Request-Method: #{env['HTTP_ACCESS_CONTROL_REQUEST_METHOD']}",
        "  Access-Control-Request-Headers: #{env['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}"
        ].join("\n")
    end
    if env['REQUEST_METHOD'] == 'OPTIONS' and env['HTTP_ACCESS_CONTROL_REQUEST_METHOD']
      if headers = process_preflight(env)
        debug(env) do
          "Preflight Headers:\n" +
              headers.collect{|kv| "  #{kv.join(': ')}"}.join("\n")
        end
        return [200, headers, []]
      end
    else
      add_headers = process_cors(env)
    end
  else
    Result.miss(env, Result::MISS_NO_ORIGIN)
  end

  # This call must be done BEFORE calling the app because for some reason
  # env[PATH_INFO_HEADER_KEY] gets changed after that and it won't match.
  # (At least in rails 4.1.6)
  vary_resource = resource_for_path(env[PATH_INFO_HEADER_KEY])

  status, headers, body = @app.call env

  if add_headers
    headers = headers.merge(add_headers)
  end

  # Vary header should ALWAYS mention Origin if there's ANY chance for the
  # response to be different depending on the Origin header value.
  # Better explained here: http://www.fastly.com/blog/best-practices-for-using-the-vary-header/
  if vary_resource
    vary = headers[VARY_HEADER_KEY]
    cors_vary_headers = if vary_resource.vary_headers && vary_resource.vary_headers.any?
      vary_resource.vary_headers
    else
      DEFAULT_VARY_HEADERS
    end
    headers[VARY_HEADER_KEY] = ((vary ? vary.split(/,\s*/) : []) + cors_vary_headers).uniq.join(', ')
  end

  if debug? && result = env[ENV_KEY]
    result.append_header(headers)
  end

  [status, headers, body]
end

#debug?Boolean

Returns:

  • (Boolean) 


34
35
36
 
# File 'lib/rack/cors.rb', line 34

def debug?
  @debug_mode
end