From 2f87153df97cf29a05d6af7c7e09ee7d428090d9 Mon Sep 17 00:00:00 2001
From: Piotr Sarnacki <drogus@gmail.com>
Date: Mon, 5 Nov 2012 21:45:21 +0100
Subject: [PATCH] Move CORS middleware in front of the stack
If there is an error somewhere along the line (like in DB connection
management), it should not interfere with returning proper result for
OPTIONS request. Otherwise it's hard to guess why the actual request in
the browser was not properly sent.
---
lib/travis/api/app.rb | 2 ++
lib/travis/api/app/cors.rb | 20 ++++++++++++++++++++
lib/travis/api/app/middleware/cors.rb | 22 ----------------------
spec/unit/{middleware => }/cors_spec.rb | 4 ++--
4 files changed, 24 insertions(+), 24 deletions(-)
create mode 100644 lib/travis/api/app/cors.rb
delete mode 100644 lib/travis/api/app/middleware/cors.rb
rename spec/unit/{middleware => }/cors_spec.rb (93%)
diff --git a/lib/travis/api/app.rb b/lib/travis/api/app.rb
index ddfe2fc9..049b889b 100644
--- a/lib/travis/api/app.rb
+++ b/lib/travis/api/app.rb
@@ -25,6 +25,7 @@ module Travis::Api
autoload :Helpers, 'travis/api/app/helpers'
autoload :Middleware, 'travis/api/app/middleware'
autoload :Responders, 'travis/api/app/responders'
+ autoload :Cors, 'travis/api/app/cors'
Rack.autoload :SSL, 'rack/ssl'
@@ -52,6 +53,7 @@ module Travis::Api
def initialize
@app = Rack::Builder.app do
+ use Travis::Api::App::Cors
use Hubble::Rescuer, env: Travis.env, codename: ENV['CODENAME'] if Endpoint.production? && ENV['HUBBLE_ENDPOINT']
use Rack::Protection::PathTraversal
use Rack::SSL if Endpoint.production?
diff --git a/lib/travis/api/app/cors.rb b/lib/travis/api/app/cors.rb
new file mode 100644
index 00000000..781efc00
--- /dev/null
+++ b/lib/travis/api/app/cors.rb
@@ -0,0 +1,20 @@
+require 'travis/api/app'
+
+class Travis::Api::App
+ # Implements Cross-Origin Resource Sharing. Supported by all major browsers.
+ # See http://www.w3.org/TR/cors/
+ #
+ # TODO: Be smarter about origin.
+ class Cors < Base
+ before do
+ headers['Access-Control-Allow-Origin'] = "*"
+ headers['Access-Control-Allow-Credentials'] = "true"
+ headers['Access-Control-Expose-Headers'] = "Content-Type, Cache-Control, Expires, Etag, Last-Modified"
+ end
+
+ options // do
+ headers['Access-Control-Allow-Methods'] = "HEAD, GET, POST, PATCH, PUT, DELETE"
+ headers['Access-Control-Allow-Headers'] = "Content-Type, Authorization, Accept, If-None-Match, If-Modified-Since"
+ end
+ end
+end
diff --git a/lib/travis/api/app/middleware/cors.rb b/lib/travis/api/app/middleware/cors.rb
deleted file mode 100644
index 5a93b7a3..00000000
--- a/lib/travis/api/app/middleware/cors.rb
+++ /dev/null
@@ -1,22 +0,0 @@
-require 'travis/api/app'
-
-class Travis::Api::App
- class Middleware
- # Implements Cross-Origin Resource Sharing. Supported by all major browsers.
- # See http://www.w3.org/TR/cors/
- #
- # TODO: Be smarter about origin.
- class Cors < Middleware
- before do
- headers['Access-Control-Allow-Origin'] = "*"
- headers['Access-Control-Allow-Credentials'] = "true"
- headers['Access-Control-Expose-Headers'] = "Content-Type, Cache-Control, Expires, Etag, Last-Modified"
- end
-
- options // do
- headers['Access-Control-Allow-Methods'] = "HEAD, GET, POST, PATCH, PUT, DELETE"
- headers['Access-Control-Allow-Headers'] = "Content-Type, Authorization, Accept, If-None-Match, If-Modified-Since"
- end
- end
- end
-end
diff --git a/spec/unit/middleware/cors_spec.rb b/spec/unit/cors_spec.rb
similarity index 93%
rename from spec/unit/middleware/cors_spec.rb
rename to spec/unit/cors_spec.rb
index 16d565bd..83e79914 100644
--- a/spec/unit/middleware/cors_spec.rb
+++ b/spec/unit/cors_spec.rb
@@ -1,9 +1,9 @@
require 'spec_helper'
-describe Travis::Api::App::Middleware::Cors do
+describe Travis::Api::App::Cors do
before do
mock_app do
- use Travis::Api::App::Middleware::Cors
+ use Travis::Api::App::Cors
get('/check_cors') { 'ok' }
end
end