suzanne.soy/travis-api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Run CORS middleware in development

Browse Source
This commit is contained in:
Piotr Sarnacki 2013-09-20 12:47:14 +02:00
parent d6684dd441
commit 0681e54cf1
3 changed files with 72 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/travis/api/app.rb
View File

@ -31,6 +31,7 @@ module Travis::Api
autoload :Helpers, 'travis/api/app/helpers' autoload :Helpers, 'travis/api/app/helpers'
autoload :Middleware, 'travis/api/app/middleware' autoload :Middleware, 'travis/api/app/middleware'
autoload :Responders, 'travis/api/app/responders' autoload :Responders, 'travis/api/app/responders'
autoload :Cors, 'travis/api/app/cors'
Rack.autoload :SSL, 'rack/ssl' Rack.autoload :SSL, 'rack/ssl'
@ -79,6 +80,7 @@ module Travis::Api
[ 420, {}, ['Enhance Your Calm']] [ 420, {}, ['Enhance Your Calm']]
end end
use Travis::Api::App::Cors unless Endpoint.production?
use Raven::Rack if Endpoint.production? use Raven::Rack if Endpoint.production?
use Rack::Protection::PathTraversal use Rack::Protection::PathTraversal
use Rack::SSL if Endpoint.production? use Rack::SSL if Endpoint.production?

20
lib/travis/api/app/cors.rb Normal file
View File

@ -0,0 +1,20 @@
require 'travis/api/app'
class Travis::Api::App
# Implements Cross-Origin Resource Sharing. Supported by all major browsers.
# See http://www.w3.org/TR/cors/
#
# TODO: Be smarter about origin.
class Cors < Base
before do
headers['Access-Control-Allow-Origin'] = "*"
headers['Access-Control-Allow-Credentials'] = "true"
headers['Access-Control-Expose-Headers'] = "Content-Type, Cache-Control, Expires, Etag, Last-Modified"
end
options // do
headers['Access-Control-Allow-Methods'] = "HEAD, GET, POST, PATCH, PUT, DELETE"
headers['Access-Control-Allow-Headers'] = "Content-Type, Authorization, Accept, If-None-Match, If-Modified-Since"
end
end
end

50
spec/unit/cors_spec.rb Normal file
View File

@ -0,0 +1,50 @@
require 'spec_helper'
describe Travis::Api::App::Cors do
before do
mock_app do
use Travis::Api::App::Cors
get('/check_cors') { 'ok' }
end
end
describe 'normal request' do
before { get('/check_cors').should be_ok }
it 'sets Access-Control-Allow-Origin' do
headers['Access-Control-Allow-Origin'].should == "*"
end
it 'sets Access-Control-Allow-Credentials' do
headers['Access-Control-Allow-Credentials'].should == "true"
end
it 'sets Access-Control-Expose-Headers' do
headers['Access-Control-Expose-Headers'].should == "Content-Type, Cache-Control, Expires, Etag, Last-Modified"
end
end
describe 'OPTIONS requests' do
before { options('/').should be_ok }
it 'sets Access-Control-Allow-Origin' do
headers['Access-Control-Allow-Origin'].should == "*"
end
it 'sets Access-Control-Allow-Credentials' do
headers['Access-Control-Allow-Credentials'].should == "true"
end
it 'sets Access-Control-Expose-Headers' do
headers['Access-Control-Expose-Headers'].should == "Content-Type, Cache-Control, Expires, Etag, Last-Modified"
end
it 'sets Access-Control-Allow-Methods' do
headers['Access-Control-Allow-Methods'].should == "HEAD, GET, POST, PATCH, PUT, DELETE"
end
it 'sets Access-Control-Allow-Headers' do
headers['Access-Control-Allow-Headers'].should == "Content-Type, Authorization, Accept, If-None-Match, If-Modified-Since"
end
end
end