Class: Rack::Cors::Resource

Inherits:

Object

• Object
• Rack::Cors::Resource

Defined in:

lib/rack/cors.rb

Defined Under Namespace

Classes: CorsMisconfigurationError

Instance Attribute Summary

• #credentials ⇒ Object

  Returns the value of attribute credentials.

• #expose ⇒ Object

  Returns the value of attribute expose.

• #headers ⇒ Object

  Returns the value of attribute headers.

• #if_proc ⇒ Object

  Returns the value of attribute if_proc.

• #max_age ⇒ Object

  Returns the value of attribute max_age.

• #methods ⇒ Object

  Returns the value of attribute methods.

• #path ⇒ Object

  Returns the value of attribute path.

• #pattern ⇒ Object

  Returns the value of attribute pattern.

• #vary_headers ⇒ Object

  Returns the value of attribute vary_headers.

Instance Method Summary

• #initialize(public_resource, path, opts = {}) ⇒ Resource constructor

  A new instance of Resource.

• #match?(path, env) ⇒ Boolean
• #matches_path?(path) ⇒ Boolean
• #process_preflight(env, result) ⇒ Object
• #to_headers(env) ⇒ Object

Constructor Details

#initialize(public_resource, path, opts = {}) ⇒ Resource

Returns a new instance of Resource.

Raises:

• (CorsMisconfigurationError)

# File 'lib/rack/cors.rb', line 346

def initialize(public_resource, path, opts={})
  raise CorsMisconfigurationError if public_resource && opts[:credentials] == true

  self.path         = path
  self.credentials  = public_resource ? false : (opts[:credentials] == true)
  self.max_age      = opts[:max_age] || 7200
  self.pattern      = compile(path)
  self.if_proc      = opts[:if]
  self.vary_headers = opts[:vary] && [opts[:vary]].flatten
  @public_resource  = public_resource

  self.headers = case opts[:headers]
  when :any then :any
  when nil then nil
  else
    [opts[:headers]].flatten.collect{|h| h.downcase}
  end

  self.methods = case opts[:methods]
  when :any then [:get, :head, :post, :put, :patch, :delete, :options]
  else
    ensure_enum(opts[:methods]) || [:get]
  end.map{|e| e.to_s }

  self.expose = opts[:expose] ? [opts[:expose]].flatten : nil
end

Instance Attribute Details

#credentials ⇒ Object

Returns the value of attribute credentials.

# File 'lib/rack/cors.rb', line 344

def credentials
  @credentials
end

#expose ⇒ Object

Returns the value of attribute expose.

# File 'lib/rack/cors.rb', line 344

def expose
  @expose
end

#headers ⇒ Object

Returns the value of attribute headers.

# File 'lib/rack/cors.rb', line 344

def headers
  @headers
end

#if_proc ⇒ Object

Returns the value of attribute if_proc.

# File 'lib/rack/cors.rb', line 344

def if_proc
  @if_proc
end

#max_age ⇒ Object

Returns the value of attribute max_age.

# File 'lib/rack/cors.rb', line 344

def max_age
  @max_age
end

#methods ⇒ Object

Returns the value of attribute methods.

# File 'lib/rack/cors.rb', line 344

def methods
  @methods
end

#path ⇒ Object

Returns the value of attribute path.

# File 'lib/rack/cors.rb', line 344

def path
  @path
end

#pattern ⇒ Object

Returns the value of attribute pattern.

# File 'lib/rack/cors.rb', line 344

def pattern
  @pattern
end

#vary_headers ⇒ Object

Returns the value of attribute vary_headers.

# File 'lib/rack/cors.rb', line 344

def vary_headers
  @vary_headers
end

Instance Method Details

#match?(path, env) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/rack/cors.rb', line 377

def match?(path, env)
  matches_path?(path) && (if_proc.nil? || if_proc.call(env))
end

#matches_path?(path) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/rack/cors.rb', line 373

def matches_path?(path)
  pattern =~ path
end

#process_preflight(env, result) ⇒ Object

# File 'lib/rack/cors.rb', line 381

def process_preflight(env, result)
  headers = {}

  request_method = env[HTTP_ACCESS_CONTROL_REQUEST_METHOD]
  if request_method.nil?
    result.miss(Result::MISS_NO_METHOD) and return headers
  end
  if !methods.include?(request_method.downcase)
    result.miss(Result::MISS_DENY_METHOD) and return headers
  end

  request_headers = env[HTTP_ACCESS_CONTROL_REQUEST_HEADERS]
  if request_headers && !allow_headers?(request_headers)
    result.miss(Result::MISS_DENY_HEADER) and return headers
  end

  result.hit = true
  headers.merge(to_preflight_headers(env))
end

#to_headers(env) ⇒ Object

# File 'lib/rack/cors.rb', line 401

def to_headers(env)
  h = {
    'Access-Control-Allow-Origin'     => origin_for_response_header(env[HTTP_ORIGIN]),
    'Access-Control-Allow-Methods'    => methods.collect{|m| m.to_s.upcase}.join(', '),
    'Access-Control-Expose-Headers'   => expose.nil? ? '' : expose.join(', '),
    'Access-Control-Max-Age'          => max_age.to_s }
  h['Access-Control-Allow-Credentials'] = 'true' if credentials
  h
end