suzanne.soy/travis-api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add nginx config with CORS support

Browse Source
This commit is contained in:
Piotr Sarnacki 2013-09-05 16:19:58 +02:00
parent fc13284591
commit e587ef0b7f
4 changed files with 64 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
config/nginx.conf.erb Normal file
View File

@ -0,0 +1,64 @@
daemon off;
#Heroku dynos have 4 cores.
worker_processes 4;
events {
use epoll;
accept_mutex on;
worker_connections 1024;
}
http {
gzip on;
gzip_comp_level 2;
gzip_min_length 512;
log_format l2met 'measure.nginx.service=$request_time request_id=$http_heroku_request_id';
access_log logs/nginx/access.log l2met;
error_log logs/nginx/error.log;
include mime.types;
default_type application/octet-stream;
sendfile on;
#Must read the body in 5 seconds.
client_body_timeout 5;
upstream app_server {
server unix:/tmp/nginx.socket fail_timeout=0;
}
server {
listen <%= ENV["PORT"] %>;
server_name _;
keepalive_timeout 5;
location / {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Expose-Headers' 'Content-Type, Cache-Control, Expires, Etag, Last-Modified';
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Expose-Headers' 'Content-Type, Cache-Control, Expires, Etag, Last-Modified';
# Tell browser to cache this pre-flight info for 20 days
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Access-Control-Allow-Methods' 'HEAD, GET, POST, PATCH, PUT, DELETE, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, Accept, If-None-Match, If-Modified-Since';
add_header 'Content-Length' 0;
add_header 'Content-Type' 'text/plain charset=UTF-8';
return 204;
}
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://app_server;
}
}
}

2
lib/travis/api/app.rb
View File

@ -31,7 +31,6 @@ module Travis::Api
autoload :Helpers, 'travis/api/app/helpers' autoload :Helpers, 'travis/api/app/helpers'
autoload :Middleware, 'travis/api/app/middleware' autoload :Middleware, 'travis/api/app/middleware'
autoload :Responders, 'travis/api/app/responders' autoload :Responders, 'travis/api/app/responders'
autoload :Cors, 'travis/api/app/cors'
Rack.autoload :SSL, 'rack/ssl' Rack.autoload :SSL, 'rack/ssl'
@ -80,7 +79,6 @@ module Travis::Api
[ 420, {}, ['Enhance Your Calm']] [ 420, {}, ['Enhance Your Calm']]
end end
use Travis::Api::App::Cors
use Raven::Rack if Endpoint.production? use Raven::Rack if Endpoint.production?
use Rack::Protection::PathTraversal use Rack::Protection::PathTraversal
use Rack::SSL if Endpoint.production? use Rack::SSL if Endpoint.production?

20
lib/travis/api/app/cors.rb
View File

@ -1,20 +0,0 @@
require 'travis/api/app'
class Travis::Api::App
# Implements Cross-Origin Resource Sharing. Supported by all major browsers.
# See http://www.w3.org/TR/cors/
#
# TODO: Be smarter about origin.
class Cors < Base
before do
headers['Access-Control-Allow-Origin'] = "*"
headers['Access-Control-Allow-Credentials'] = "true"
headers['Access-Control-Expose-Headers'] = "Content-Type, Cache-Control, Expires, Etag, Last-Modified"
end
options // do
headers['Access-Control-Allow-Methods'] = "HEAD, GET, POST, PATCH, PUT, DELETE"
headers['Access-Control-Allow-Headers'] = "Content-Type, Authorization, Accept, If-None-Match, If-Modified-Since"
end
end
end

50
spec/unit/cors_spec.rb
View File

@ -1,50 +0,0 @@
require 'spec_helper'
describe Travis::Api::App::Cors do
before do
mock_app do
use Travis::Api::App::Cors
get('/check_cors') { 'ok' }
end
end
describe 'normal request' do
before { get('/check_cors').should be_ok }
it 'sets Access-Control-Allow-Origin' do
headers['Access-Control-Allow-Origin'].should == "*"
end
it 'sets Access-Control-Allow-Credentials' do
headers['Access-Control-Allow-Credentials'].should == "true"
end
it 'sets Access-Control-Expose-Headers' do
headers['Access-Control-Expose-Headers'].should == "Content-Type, Cache-Control, Expires, Etag, Last-Modified"
end
end
describe 'OPTIONS requests' do
before { options('/').should be_ok }
it 'sets Access-Control-Allow-Origin' do
headers['Access-Control-Allow-Origin'].should == "*"
end
it 'sets Access-Control-Allow-Credentials' do
headers['Access-Control-Allow-Credentials'].should == "true"
end
it 'sets Access-Control-Expose-Headers' do
headers['Access-Control-Expose-Headers'].should == "Content-Type, Cache-Control, Expires, Etag, Last-Modified"
end
it 'sets Access-Control-Allow-Methods' do
headers['Access-Control-Allow-Methods'].should == "HEAD, GET, POST, PATCH, PUT, DELETE"
end
it 'sets Access-Control-Allow-Headers' do
headers['Access-Control-Allow-Headers'].should == "Content-Type, Authorization, Accept, If-None-Match, If-Modified-Since"
end
end
end