mirror of
https://github.com/hakanensari/frankfurter.git
synced 2024-11-25 12:32:30 +01:00
Use rack-cors
We will only return Access-Control headers if the request includes an Origin header. Fixes #18
parent
07781b6d76
commit
250095d262
1
Gemfile
1
Gemfile
@ -7,6 +7,7 @@ ruby '2.3.1'
|
|||||||
gem 'fixer'
|
gem 'fixer'
|
||||||
gem 'newrelic_rpm'
|
gem 'newrelic_rpm'
|
||||||
gem 'oj'
|
gem 'oj'
|
||||||
|
gem 'rack-cors'
|
||||||
gem 'rake'
|
gem 'rake'
|
||||||
gem 'sequel_pg'
|
gem 'sequel_pg'
|
||||||
gem 'sinatra'
|
gem 'sinatra'
|
||||||
|
@ -22,6 +22,7 @@ GEM
|
|||||||
method_source (~> 0.8.1)
|
method_source (~> 0.8.1)
|
||||||
slop (~> 3.4)
|
slop (~> 3.4)
|
||||||
rack (1.6.4)
|
rack (1.6.4)
|
||||||
|
rack-cors (0.4.0)
|
||||||
rack-protection (1.5.3)
|
rack-protection (1.5.3)
|
||||||
rack
|
rack
|
||||||
rack-test (0.6.3)
|
rack-test (0.6.3)
|
||||||
@ -57,6 +58,7 @@ DEPENDENCIES
|
|||||||
newrelic_rpm
|
newrelic_rpm
|
||||||
oj
|
oj
|
||||||
pry
|
pry
|
||||||
|
rack-cors
|
||||||
rack-test
|
rack-test
|
||||||
rake
|
rake
|
||||||
sequel_pg
|
sequel_pg
|
||||||
|
27
lib/api.rb
27
lib/api.rb
@ -2,22 +2,9 @@
|
|||||||
|
|
||||||
require 'oj'
|
require 'oj'
|
||||||
require 'sinatra'
|
require 'sinatra'
|
||||||
|
require 'rack/cors'
|
||||||
require 'quote'
|
require 'quote'
|
||||||
|
|
||||||
configure do
|
|
||||||
set :options_response_headers,
|
|
||||||
'Allow' => 'GET, HEAD, OPTIONS',
|
|
||||||
'Access-Control-Allow-Headers' => 'X-Requested-With, X-HTTP-Method-Override, Content-Type, Cache-Control, Accept'
|
|
||||||
|
|
||||||
set :cors_response_headers,
|
|
||||||
'Access-Control-Allow-Credentials' => 'true',
|
|
||||||
'Access-Control-Allow-Headers' => '*, Content-Type, Accept, AUTHORIZATION, Cache-Control',
|
|
||||||
'Access-Control-Allow-Methods' => 'GET, HEAD, OPTIONS',
|
|
||||||
'Access-Control-Allow-Origin' => '*',
|
|
||||||
'Access-Control-Expose-Headers' => 'Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma',
|
|
||||||
'Access-Control-Max-Age' => '1728000'
|
|
||||||
end
|
|
||||||
|
|
||||||
configure :development do
|
configure :development do
|
||||||
set :show_exceptions, :after_handler
|
set :show_exceptions, :after_handler
|
||||||
end
|
end
|
||||||
@ -60,26 +47,28 @@ helpers do
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Preflighted_requests
|
use Rack::Cors do
|
||||||
|
allow do
|
||||||
|
origins '*'
|
||||||
|
resource '*'
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
options '*' do
|
options '*' do
|
||||||
headers settings.options_response_headers
|
|
||||||
200
|
200
|
||||||
end
|
end
|
||||||
|
|
||||||
get '/' do
|
get '/' do
|
||||||
enable_cross_origin
|
|
||||||
last_modified App.released_at
|
last_modified App.released_at
|
||||||
jsonp details: 'http://fixer.io', version: App.version
|
jsonp details: 'http://fixer.io', version: App.version
|
||||||
end
|
end
|
||||||
|
|
||||||
get '/latest' do
|
get '/latest' do
|
||||||
enable_cross_origin
|
|
||||||
last_modified quote[:date]
|
last_modified quote[:date]
|
||||||
jsonp quote
|
jsonp quote
|
||||||
end
|
end
|
||||||
|
|
||||||
get(/(?<date>\d{4}-\d{2}-\d{2})/) do
|
get(/(?<date>\d{4}-\d{2}-\d{2})/) do
|
||||||
enable_cross_origin
|
|
||||||
last_modified quote[:date]
|
last_modified quote[:date]
|
||||||
jsonp quote
|
jsonp quote
|
||||||
end
|
end
|
||||||
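Review bot: The `resource '*'` line inside the new `use Rack::Cors` block passes no options, so the cross-origin policy is whatever the pinned rack-cors release defaults to rather than what this file states. As far as I recall, releases of that era default `credentials` to true (echoing the caller's Origin together with `Access-Control-Allow-Credentials: true`), allow only GET, and accept no request headers on preflight; please confirm this against the 0.4.0 recorded in Gemfile.lock. For a public, unauthenticated API I would spell the policy out: `resource '*', headers: :any, methods: [:get, :head, :options], credentials: false`. That keeps the wildcard response credential-free if cookies or auth are ever added, and preserves the HEAD method and request headers that the removed `set :cors_response_headers` block used to advertise. The surviving `options '*'` route now returns a bare 200 without an `Allow` header, so it deserves a short comment saying why it stays.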
|
@ -51,16 +51,17 @@ describe 'the API' do
|
|||||||
|
|
||||||
it 'allows cross-origin requests' do
|
it 'allows cross-origin requests' do
|
||||||
%w(/ /latest /2012-11-20).each do |path|
|
%w(/ /latest /2012-11-20).each do |path|
|
||||||
|
header 'Origin', '*'
|
||||||
get path
|
get path
|
||||||
assert_equal '*', headers['Access-Control-Allow-Origin']
|
|
||||||
refute_empty headers['Access-Control-Allow-Methods']
|
refute_empty headers['Access-Control-Allow-Methods']
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'responds to preflight requests' do
|
it 'responds to preflight requests' do
|
||||||
options '/'
|
%w(/ /latest /2012-11-20).each do |path|
|
||||||
refute_empty headers['Allow']
|
header 'Origin', '*'
|
||||||
refute_empty headers['Access-Control-Allow-Headers']
|
options path
|
||||||
last_response.must_be :ok?
|
refute_empty headers['Access-Control-Allow-Methods']
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
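Review bot: The rewritten 'responds to preflight requests' example sends OPTIONS with only `Origin: *`, so it never issues a real preflight, and the status check `last_response.must_be :ok?` appears to have been dropped. A browser preflight also carries `Access-Control-Request-Method`, so add `header 'Access-Control-Request-Method', 'GET'` and use a realistic origin such as `header 'Origin', 'http://example.com'` (a constructed value). With the `Access-Control-Allow-Origin` assertion removed from the first example, nothing pins which origin or credentials header comes back. If the API is meant to stay credential-free, I would assert `headers['Access-Control-Allow-Origin']` and add `assert_nil headers['Access-Control-Allow-Credentials']`. The enclosing `describe` block and the `headers` helper are defined outside this hunk, so I am assuming `headers` reads the last response.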
|