Class: Rack::Cors::Resource
- Inherits:
-
Object
- Object
- Rack::Cors::Resource
- Defined in:
- lib/rack/cors.rb
Defined Under Namespace
Classes: CorsMisconfigurationError
Instance Attribute Summary collapse
-
#credentials ⇒ Object
Returns the value of attribute credentials.
-
#expose ⇒ Object
Returns the value of attribute expose.
-
#headers ⇒ Object
Returns the value of attribute headers.
-
#if_proc ⇒ Object
Returns the value of attribute if_proc.
-
#max_age ⇒ Object
Returns the value of attribute max_age.
-
#methods ⇒ Object
Returns the value of attribute methods.
-
#path ⇒ Object
Returns the value of attribute path.
-
#pattern ⇒ Object
Returns the value of attribute pattern.
-
#vary_headers ⇒ Object
Returns the value of attribute vary_headers.
Instance Method Summary collapse
-
#initialize(public_resource, path, opts = {}) ⇒ Resource
constructor
A new instance of Resource.
- #match?(path, env) ⇒ Boolean
- #matches_path?(path) ⇒ Boolean
- #process_preflight(env, result) ⇒ Object
- #to_headers(env) ⇒ Object
Constructor Details
#initialize(public_resource, path, opts = {}) ⇒ Resource
Returns a new instance of Resource.
346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 |
# File 'lib/rack/cors.rb', line 346 def initialize(public_resource, path, opts={}) raise CorsMisconfigurationError if public_resource && opts[:credentials] == true self.path = path self.credentials = public_resource ? false : (opts[:credentials] == true) self.max_age = opts[:max_age] || 7200 self.pattern = compile(path) self.if_proc = opts[:if] self.vary_headers = opts[:vary] && [opts[:vary]].flatten @public_resource = public_resource self.headers = case opts[:headers] when :any then :any when nil then nil else [opts[:headers]].flatten.collect{|h| h.downcase} end self.methods = case opts[:methods] when :any then [:get, :head, :post, :put, :patch, :delete, :options] else ensure_enum(opts[:methods]) || [:get] end.map{|e| e.to_s } self.expose = opts[:expose] ? [opts[:expose]].flatten : nil end |
Instance Attribute Details
#credentials ⇒ Object
Returns the value of attribute credentials.
344 345 346 |
# File 'lib/rack/cors.rb', line 344 def credentials @credentials end |
#expose ⇒ Object
Returns the value of attribute expose.
344 345 346 |
# File 'lib/rack/cors.rb', line 344 def expose @expose end |
#headers ⇒ Object
Returns the value of attribute headers.
344 345 346 |
# File 'lib/rack/cors.rb', line 344 def headers @headers end |
#if_proc ⇒ Object
Returns the value of attribute if_proc.
344 345 346 |
# File 'lib/rack/cors.rb', line 344 def if_proc @if_proc end |
#max_age ⇒ Object
Returns the value of attribute max_age.
344 345 346 |
# File 'lib/rack/cors.rb', line 344 def max_age @max_age end |
#methods ⇒ Object
Returns the value of attribute methods.
344 345 346 |
# File 'lib/rack/cors.rb', line 344 def methods @methods end |
#path ⇒ Object
Returns the value of attribute path.
344 345 346 |
# File 'lib/rack/cors.rb', line 344 def path @path end |
#pattern ⇒ Object
Returns the value of attribute pattern.
344 345 346 |
# File 'lib/rack/cors.rb', line 344 def pattern @pattern end |
#vary_headers ⇒ Object
Returns the value of attribute vary_headers.
344 345 346 |
# File 'lib/rack/cors.rb', line 344 def vary_headers @vary_headers end |
Instance Method Details
#match?(path, env) ⇒ Boolean
377 378 379 |
# File 'lib/rack/cors.rb', line 377 def match?(path, env) matches_path?(path) && (if_proc.nil? || if_proc.call(env)) end |
#matches_path?(path) ⇒ Boolean
373 374 375 |
# File 'lib/rack/cors.rb', line 373 def matches_path?(path) pattern =~ path end |
#process_preflight(env, result) ⇒ Object
381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 |
# File 'lib/rack/cors.rb', line 381 def process_preflight(env, result) headers = {} request_method = env[HTTP_ACCESS_CONTROL_REQUEST_METHOD] if request_method.nil? result.miss(Result::MISS_NO_METHOD) and return headers end if !methods.include?(request_method.downcase) result.miss(Result::MISS_DENY_METHOD) and return headers end request_headers = env[HTTP_ACCESS_CONTROL_REQUEST_HEADERS] if request_headers && !allow_headers?(request_headers) result.miss(Result::MISS_DENY_HEADER) and return headers end result.hit = true headers.merge(to_preflight_headers(env)) end |
#to_headers(env) ⇒ Object
401 402 403 404 405 406 407 408 409 |
# File 'lib/rack/cors.rb', line 401 def to_headers(env) h = { 'Access-Control-Allow-Origin' => origin_for_response_header(env[HTTP_ORIGIN]), 'Access-Control-Allow-Methods' => methods.collect{|m| m.to_s.upcase}.join(', '), 'Access-Control-Expose-Headers' => expose.nil? ? '' : expose.join(', '), 'Access-Control-Max-Age' => max_age.to_s } h['Access-Control-Allow-Credentials'] = 'true' if credentials h end |