Class: Rack::Cors::Resource
- Inherits:
-
Object
- Object
- Rack::Cors::Resource
- Defined in:
- lib/rack/cors.rb
Defined Under Namespace
Classes: CorsMisconfigurationError
Instance Attribute Summary collapse
-
#credentials ⇒ Object
Returns the value of attribute credentials.
-
#expose ⇒ Object
Returns the value of attribute expose.
-
#headers ⇒ Object
Returns the value of attribute headers.
-
#if_proc ⇒ Object
Returns the value of attribute if_proc.
-
#max_age ⇒ Object
Returns the value of attribute max_age.
-
#methods ⇒ Object
Returns the value of attribute methods.
-
#path ⇒ Object
Returns the value of attribute path.
-
#pattern ⇒ Object
Returns the value of attribute pattern.
-
#vary_headers ⇒ Object
Returns the value of attribute vary_headers.
Instance Method Summary collapse
-
#initialize(public_resource, path, opts = {}) ⇒ Resource
constructor
A new instance of Resource.
- #match?(path, env) ⇒ Boolean
- #matches_path?(path) ⇒ Boolean
- #process_preflight(env, result) ⇒ Object
- #to_headers(env) ⇒ Object
Constructor Details
#initialize(public_resource, path, opts = {}) ⇒ Resource
Returns a new instance of Resource.
330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 |
# File 'lib/rack/cors.rb', line 330 def initialize(public_resource, path, opts={}) raise CorsMisconfigurationError if public_resource && opts[:credentials] == true self.path = path self.credentials = public_resource ? false : (opts[:credentials] == true) self.max_age = opts[:max_age] || 1728000 self.pattern = compile(path) self.if_proc = opts[:if] self.vary_headers = opts[:vary] && [opts[:vary]].flatten @public_resource = public_resource self.headers = case opts[:headers] when :any then :any when nil then nil else [opts[:headers]].flatten.collect{|h| h.downcase} end self.methods = case opts[:methods] when :any then [:get, :head, :post, :put, :patch, :delete, :options] else ensure_enum(opts[:methods]) || [:get] end.map{|e| e.to_s } self.expose = opts[:expose] ? [opts[:expose]].flatten : nil end |
Instance Attribute Details
#credentials ⇒ Object
Returns the value of attribute credentials.
328 329 330 |
# File 'lib/rack/cors.rb', line 328 def credentials @credentials end |
#expose ⇒ Object
Returns the value of attribute expose.
328 329 330 |
# File 'lib/rack/cors.rb', line 328 def expose @expose end |
#headers ⇒ Object
Returns the value of attribute headers.
328 329 330 |
# File 'lib/rack/cors.rb', line 328 def headers @headers end |
#if_proc ⇒ Object
Returns the value of attribute if_proc.
328 329 330 |
# File 'lib/rack/cors.rb', line 328 def if_proc @if_proc end |
#max_age ⇒ Object
Returns the value of attribute max_age.
328 329 330 |
# File 'lib/rack/cors.rb', line 328 def max_age @max_age end |
#methods ⇒ Object
Returns the value of attribute methods.
328 329 330 |
# File 'lib/rack/cors.rb', line 328 def methods @methods end |
#path ⇒ Object
Returns the value of attribute path.
328 329 330 |
# File 'lib/rack/cors.rb', line 328 def path @path end |
#pattern ⇒ Object
Returns the value of attribute pattern.
328 329 330 |
# File 'lib/rack/cors.rb', line 328 def pattern @pattern end |
#vary_headers ⇒ Object
Returns the value of attribute vary_headers.
328 329 330 |
# File 'lib/rack/cors.rb', line 328 def vary_headers @vary_headers end |
Instance Method Details
#match?(path, env) ⇒ Boolean
361 362 363 |
# File 'lib/rack/cors.rb', line 361 def match?(path, env) matches_path?(path) && (if_proc.nil? || if_proc.call(env)) end |
#matches_path?(path) ⇒ Boolean
357 358 359 |
# File 'lib/rack/cors.rb', line 357 def matches_path?(path) pattern =~ path end |
#process_preflight(env, result) ⇒ Object
365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 |
# File 'lib/rack/cors.rb', line 365 def process_preflight(env, result) headers = {CONTENT_TYPE => TEXT_PLAIN} request_method = env[HTTP_ACCESS_CONTROL_REQUEST_METHOD] if request_method.nil? result.miss(Result::MISS_NO_METHOD) and return headers end if !methods.include?(request_method.downcase) result.miss(Result::MISS_DENY_METHOD) and return headers end request_headers = env[HTTP_ACCESS_CONTROL_REQUEST_HEADERS] if request_headers && !allow_headers?(request_headers) result.miss(Result::MISS_DENY_HEADER) and return headers end result.hit = true headers.merge(to_preflight_headers(env)) end |
#to_headers(env) ⇒ Object
385 386 387 388 389 390 391 392 393 |
# File 'lib/rack/cors.rb', line 385 def to_headers(env) h = { 'Access-Control-Allow-Origin' => origin_for_response_header(env[HTTP_ORIGIN]), 'Access-Control-Allow-Methods' => methods.collect{|m| m.to_s.upcase}.join(', '), 'Access-Control-Expose-Headers' => expose.nil? ? '' : expose.join(', '), 'Access-Control-Max-Age' => max_age.to_s } h['Access-Control-Allow-Credentials'] = 'true' if credentials h end |