Move CORS middleware in front of the stack

If there is an error somewhere along the line (like in DB connection management), it should not interfere with returning proper result for OPTIONS request. Otherwise it's hard to guess why the actual request in the browser was not properly sent.
2012-11-05 21:45:21 +01:00 · 2012-11-05 21:45:21 +01:00 · 2f87153df9
commit 2f87153df9
parent 7695788aae
4 changed files with 24 additions and 24 deletions
--- a/lib/travis/api/app.rb
+++ b/lib/travis/api/app.rb
@ -25,6 +25,7 @@ module Travis::Api
    autoload :Helpers,      'travis/api/app/helpers'
    autoload :Middleware,   'travis/api/app/middleware'
    autoload :Responders,   'travis/api/app/responders'
+    autoload :Cors,         'travis/api/app/cors'

    Rack.autoload :SSL, 'rack/ssl'

@ -52,6 +53,7 @@ module Travis::Api

    def initialize
      @app = Rack::Builder.app do
+        use Travis::Api::App::Cors
        use Hubble::Rescuer, env: Travis.env, codename: ENV['CODENAME'] if Endpoint.production? && ENV['HUBBLE_ENDPOINT']
        use Rack::Protection::PathTraversal
        use Rack::SSL if Endpoint.production?
--- a/lib/travis/api/app/cors.rb
+++ b/lib/travis/api/app/cors.rb
@ -0,0 +1,20 @@
+require 'travis/api/app'
+
+class Travis::Api::App
+  # Implements Cross-Origin Resource Sharing. Supported by all major browsers.
+  # See http://www.w3.org/TR/cors/
+  #
+  # TODO: Be smarter about origin.
+  class Cors < Base
+    before do
+      headers['Access-Control-Allow-Origin']      = "*"
+      headers['Access-Control-Allow-Credentials'] = "true"
+      headers['Access-Control-Expose-Headers']    = "Content-Type, Cache-Control, Expires, Etag, Last-Modified"
+    end
+
+    options // do
+      headers['Access-Control-Allow-Methods'] = "HEAD, GET, POST, PATCH, PUT, DELETE"
+      headers['Access-Control-Allow-Headers'] = "Content-Type, Authorization, Accept, If-None-Match, If-Modified-Since"
+    end
+  end
+end
--- a/lib/travis/api/app/middleware/cors.rb
+++ b/lib/travis/api/app/middleware/cors.rb
@ -1,22 +0,0 @@
-require 'travis/api/app'
-
-class Travis::Api::App
-  class Middleware
-    # Implements Cross-Origin Resource Sharing. Supported by all major browsers.
-    # See http://www.w3.org/TR/cors/
-    #
-    # TODO: Be smarter about origin.
-    class Cors < Middleware
-      before do
-        headers['Access-Control-Allow-Origin']      = "*"
-        headers['Access-Control-Allow-Credentials'] = "true"
-        headers['Access-Control-Expose-Headers']    = "Content-Type, Cache-Control, Expires, Etag, Last-Modified"
-      end
-
-      options // do
-        headers['Access-Control-Allow-Methods'] = "HEAD, GET, POST, PATCH, PUT, DELETE"
-        headers['Access-Control-Allow-Headers'] = "Content-Type, Authorization, Accept, If-None-Match, If-Modified-Since"
-      end
-    end
-  end
-end
--- a/spec/unit/middleware/cors_spec.rb
+++ b/spec/unit/middleware/cors_spec.rb
@ -1,9 +1,9 @@
 require 'spec_helper'

-describe Travis::Api::App::Middleware::Cors do
+describe Travis::Api::App::Cors do
  before do
    mock_app do
-      use Travis::Api::App::Middleware::Cors
+      use Travis::Api::App::Cors
      get('/check_cors') { 'ok' }
    end
  end