Class: Rack::Cors
- Inherits:
-
Object
- Object
- Rack::Cors
- Defined in:
- lib/rack/cors.rb,
lib/rack/cors/version.rb
Defined Under Namespace
Classes: Resource, Resources, Result
Constant Summary collapse
- HTTP_ORIGIN =
'HTTP_ORIGIN'.freeze
- HTTP_X_ORIGIN =
'HTTP_X_ORIGIN'.freeze
- HTTP_ACCESS_CONTROL_REQUEST_METHOD =
'HTTP_ACCESS_CONTROL_REQUEST_METHOD'.freeze
- HTTP_ACCESS_CONTROL_REQUEST_HEADERS =
'HTTP_ACCESS_CONTROL_REQUEST_HEADERS'.freeze
- PATH_INFO =
'PATH_INFO'.freeze
- REQUEST_METHOD =
'REQUEST_METHOD'.freeze
- RACK_LOGGER =
'rack.logger'.freeze
- RACK_CORS =
ENV_KEY = 'rack.cors'.freeze
- OPTIONS =
'OPTIONS'.freeze
- VARY =
'Vary'.freeze
- CONTENT_TYPE =
'Content-Type'.freeze
- TEXT_PLAIN =
'text/plain'.freeze
- DEFAULT_VARY_HEADERS =
['Origin'].freeze
- CORS_SIMPLE_HEADERS =
All CORS routes need to accept CORS simple headers at all times https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers
['accept', 'accept-language', 'content-language', 'content-type'].freeze
- VERSION =
"1.0.2"
Instance Method Summary collapse
- #allow(&block) ⇒ Object
- #call(env) ⇒ Object
- #debug? ⇒ Boolean
-
#initialize(app, opts = {}, &block) ⇒ Cors
constructor
A new instance of Cors.
Constructor Details
#initialize(app, opts = {}, &block) ⇒ Cors
Returns a new instance of Cors.
30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 |
# File 'lib/rack/cors.rb', line 30 def initialize(app, opts={}, &block) @app = app @debug_mode = !!opts[:debug] @logger = @logger_proc = nil if logger = opts[:logger] if logger.respond_to? :call @logger_proc = opts[:logger] else @logger = logger end end if block_given? if block.arity == 1 block.call(self) else instance_eval(&block) end end end |
Instance Method Details
#allow(&block) ⇒ Object
56 57 58 59 60 61 62 63 64 |
# File 'lib/rack/cors.rb', line 56 def allow(&block) all_resources << (resources = Resources.new) if block.arity == 1 block.call(resources) else resources.instance_eval(&block) end end |
#call(env) ⇒ Object
66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 |
# File 'lib/rack/cors.rb', line 66 def call(env) env[HTTP_ORIGIN] ||= env[HTTP_X_ORIGIN] if env[HTTP_X_ORIGIN] add_headers = nil if env[HTTP_ORIGIN] debug(env) do [ 'Incoming Headers:', " Origin: #{env[HTTP_ORIGIN]}", " Access-Control-Request-Method: #{env[HTTP_ACCESS_CONTROL_REQUEST_METHOD]}", " Access-Control-Request-Headers: #{env[HTTP_ACCESS_CONTROL_REQUEST_HEADERS]}" ].join("\n") end if env[REQUEST_METHOD] == OPTIONS and env[HTTP_ACCESS_CONTROL_REQUEST_METHOD] headers = process_preflight(env) debug(env) do "Preflight Headers:\n" + headers.collect{|kv| " #{kv.join(': ')}"}.join("\n") end return [200, headers, []] else add_headers = process_cors(env) end else Result.miss(env, Result::MISS_NO_ORIGIN) end # This call must be done BEFORE calling the app because for some reason # env[PATH_INFO] gets changed after that and it won't match. (At least # in rails 4.1.6) vary_resource = resource_for_path(env[PATH_INFO]) status, headers, body = @app.call env if add_headers headers = add_headers.merge(headers) debug(env) do add_headers.each_pair do |key, value| if headers.has_key?(key) headers["X-Rack-CORS-Original-#{key}"] = value end end end end # Vary header should ALWAYS mention Origin if there's ANY chance for the # response to be different depending on the Origin header value. # Better explained here: http://www.fastly.com/blog/best-practices-for-using-the-vary-header/ if vary_resource vary = headers[VARY] cors_vary_headers = if vary_resource.vary_headers && vary_resource.vary_headers.any? vary_resource.vary_headers else DEFAULT_VARY_HEADERS end headers[VARY] = ((vary ? vary.split(/,\s*/) : []) + cors_vary_headers).uniq.join(', ') end if debug? && result = env[RACK_CORS] result.append_header(headers) end [status, headers, body] end |
#debug? ⇒ Boolean
52 53 54 |
# File 'lib/rack/cors.rb', line 52 def debug? @debug_mode end |