Class: Rack::Cors

Inherits:
Object
  • Object
show all
Defined in:
lib/rack/cors.rb,
lib/rack/cors/version.rb

Defined Under Namespace

Classes: Resource, Resources, Result

Constant Summary collapse

HTTP_ORIGIN =
'HTTP_ORIGIN'.freeze
HTTP_X_ORIGIN =
'HTTP_X_ORIGIN'.freeze
HTTP_ACCESS_CONTROL_REQUEST_METHOD =
'HTTP_ACCESS_CONTROL_REQUEST_METHOD'.freeze
HTTP_ACCESS_CONTROL_REQUEST_HEADERS =
'HTTP_ACCESS_CONTROL_REQUEST_HEADERS'.freeze
PATH_INFO =
'PATH_INFO'.freeze
REQUEST_METHOD =
'REQUEST_METHOD'.freeze
RACK_LOGGER =
'rack.logger'.freeze
RACK_CORS =
ENV_KEY     = 'rack.cors'.freeze
OPTIONS =
'OPTIONS'.freeze
VARY =
'Vary'.freeze
CONTENT_TYPE =
'Content-Type'.freeze
TEXT_PLAIN =
'text/plain'.freeze
DEFAULT_VARY_HEADERS =
['Origin'].freeze
CORS_SIMPLE_HEADERS =

All CORS routes need to accept CORS simple headers at all times https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers

['accept', 'accept-language', 'content-language', 'content-type'].freeze
VERSION =
"1.0.2"

Instance Method Summary collapse

Constructor Details

#initialize(app, opts = {}, &block) ⇒ Cors

Returns a new instance of Cors.



30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
# File 'lib/rack/cors.rb', line 30

def initialize(app, opts={}, &block)
  @app = app
  @debug_mode = !!opts[:debug]
  @logger = @logger_proc = nil

  if logger = opts[:logger]
    if logger.respond_to? :call
      @logger_proc = opts[:logger]
    else
      @logger = logger
    end
  end

  if block_given?
    if block.arity == 1
      block.call(self)
    else
      instance_eval(&block)
    end
  end
end

Instance Method Details

#allow(&block) ⇒ Object



56
57
58
59
60
61
62
63
64
# File 'lib/rack/cors.rb', line 56

def allow(&block)
  all_resources << (resources = Resources.new)

  if block.arity == 1
    block.call(resources)
  else
    resources.instance_eval(&block)
  end
end

#call(env) ⇒ Object



66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
# File 'lib/rack/cors.rb', line 66

def call(env)
  env[HTTP_ORIGIN] ||= env[HTTP_X_ORIGIN] if env[HTTP_X_ORIGIN]

  add_headers = nil
  if env[HTTP_ORIGIN]
    debug(env) do
      [ 'Incoming Headers:',
        "  Origin: #{env[HTTP_ORIGIN]}",
        "  Access-Control-Request-Method: #{env[HTTP_ACCESS_CONTROL_REQUEST_METHOD]}",
        "  Access-Control-Request-Headers: #{env[HTTP_ACCESS_CONTROL_REQUEST_HEADERS]}"
        ].join("\n")
    end
    if env[REQUEST_METHOD] == OPTIONS and env[HTTP_ACCESS_CONTROL_REQUEST_METHOD]
      headers = process_preflight(env)
      debug(env) do
        "Preflight Headers:\n" +
            headers.collect{|kv| "  #{kv.join(': ')}"}.join("\n")
      end
      return [200, headers, []]
    else
      add_headers = process_cors(env)
    end
  else
    Result.miss(env, Result::MISS_NO_ORIGIN)
  end

  # This call must be done BEFORE calling the app because for some reason
  # env[PATH_INFO] gets changed after that and it won't match. (At least
  # in rails 4.1.6)
  vary_resource = resource_for_path(env[PATH_INFO])

  status, headers, body = @app.call env

  if add_headers
    headers = add_headers.merge(headers)
    debug(env) do
      add_headers.each_pair do |key, value|
        if headers.has_key?(key)
          headers["X-Rack-CORS-Original-#{key}"] = value
        end
      end
    end
  end

  # Vary header should ALWAYS mention Origin if there's ANY chance for the
  # response to be different depending on the Origin header value.
  # Better explained here: http://www.fastly.com/blog/best-practices-for-using-the-vary-header/
  if vary_resource
    vary = headers[VARY]
    cors_vary_headers = if vary_resource.vary_headers && vary_resource.vary_headers.any?
      vary_resource.vary_headers
    else
      DEFAULT_VARY_HEADERS
    end
    headers[VARY] = ((vary ? vary.split(/,\s*/) : []) + cors_vary_headers).uniq.join(', ')
  end

  if debug? && result = env[RACK_CORS]
    result.append_header(headers)
  end

  [status, headers, body]
end

#debug?Boolean

Returns:

  • (Boolean)


52
53
54
# File 'lib/rack/cors.rb', line 52

def debug?
  @debug_mode
end