CORS-related extensions for Strelka HTTP response objects.
The number of seconds a preflight request can be cached
The Array of raw header names that should be allowed on a preflighted request
The Array of raw HTTP verb names that should be allowed on a preflighted request
The origin that should be allowed by the response.
The Array of raw header names that should be exposed on the request.
Add any CORS headers which have been set up to the receiving response.
# File lib/strelka/httpresponse/cors.rb, line 100
def add_cors_headers
origin = self.allowed_origin || self.request.origin.to_s
if self.set_header_if_present( :allow_origin, origin ) && origin != '*'
if (( current_vary = self.header.vary ))
self.header.vary = [current_vary, 'origin'].join( ', ' )
else
self.header.vary = 'origin'
end
end
self.set_header_if_present( :allow_credentials, self.credentials_allowed? )
if self.request.is_preflight?
self.log.debug "Preflight response; adding -Allow- headers"
self.set_header_if_present( :allow_headers, self.allow_headers_header )
self.set_header_if_present( :allow_methods, self.allow_methods_header )
self.set_header_if_present( :max_age, self.access_control_max_age_header )
else
self.log.debug "Regular response; adding -Expose- headers"
self.header.access_control_expose_headers = self.expose_headers_header
end
endSet the headers of the response to indicate that any Origin is allowed.
# File lib/strelka/httpresponse/cors.rb, line 60
def allow_any_origin
self.allow_origin( '*' )
endAllow credentials in a preflighted request.
# File lib/strelka/httpresponse/cors.rb, line 93
def allow_credentials
self.credentials_allowed = true
endAdd header_names to the list of headers that should be allowed
in a preflighted request.
# File lib/strelka/httpresponse/cors.rb, line 76
def allow_headers( *header_names )
self.allowed_headers ||= []
self.allowed_headers += header_names
endAdd verbs to the list of HTTP methods that should be allowed
in a preflighted request.
# File lib/strelka/httpresponse/cors.rb, line 85
def allow_methods( *verbs )
self.allowed_methods ||= []
self.allowed_methods += verbs
endSet the allowed origin for the response.
# File lib/strelka/httpresponse/cors.rb, line 54
def allow_origin( new_origin )
@allowed_origin = new_origin
endWhether or not credentials are allowed in the preflighted request
# File lib/strelka/httpresponse/cors.rb, line 50
attr_predicate_accessor :credentials_allowed
Add header_names to the list of headers that should be exposed
in the response.
# File lib/strelka/httpresponse/cors.rb, line 67
def expose_headers( *header_names )
self.exposed_headers ||= []
self.exposed_headers += header_names
endReturn the value that should be set on the Access-Control-Max-Age header according to the responses access_control_max_age
# File lib/strelka/httpresponse/cors.rb, line 169
def access_control_max_age_header
max_age = self.access_control_max_age or return nil
return max_age.to_i.to_s
endReturn the value that should be set on the Access-Control-Allow-Headers header according to the response's allowed_headers.
# File lib/strelka/httpresponse/cors.rb, line 151
def allow_headers_header
return nil unless self.allowed_headers && !self.allowed_headers.empty?
return self.allowed_headers.map do |header_name|
header_name.to_s.split( /[\-_]+/ ).map( &:capitalize ).join( '-' )
end.sort.uniq.join( ' ' )
endReturn the value that should be set on the Access-Control-Allow-Methods header according to the response's allowed_methods.
# File lib/strelka/httpresponse/cors.rb, line 161
def allow_methods_header
return nil unless self.allowed_methods && !self.allowed_methods.empty?
return self.allowed_methods.map( &:to_s ).sort.uniq.join( ' ' )
endReturn the value that should be set on the Access-Control-Expose-Headers header according to the response's exposed_headers.
# File lib/strelka/httpresponse/cors.rb, line 141
def expose_headers_header
return nil unless self.exposed_headers && !self.exposed_headers.empty?
return self.exposed_headers.map do |header_name|
header_name.to_s.split( /[\-_]+/ ).map( &:capitalize ).join( '-' )
end.sort.uniq.join( ' ' )
endAdd some instance variables to the request object.
# File lib/strelka/httpresponse/cors.rb, line 12
def initialize( * ) # :notnew:
@exposed_headers = []
@allowed_headers = []
@allowed_methods = []
@allowed_origin = nil
@credentials_allowed = false
@access_control_max_age = nil
super
endIf value is not nil or empty, set the access control header
with the specified name to it.
# File lib/strelka/httpresponse/cors.rb, line 130
def set_header_if_present( name, value )
return unless value && !value.to_s.empty?
header_name = "access_control_%s" % [ name ]
self.header[ header_name ] = value.to_s
return value
end