class Rack::CorsGateOriginProcessor

CorsGateOriginProcessor allows:

Public Class Methods

new(app, opts = {}) click to toggle source
# File lib/classes/cors_gate_origin_processor.rb, line 7
def initialize(app, opts = {})
  @app = app
  @remove_null_origin = opts[:remove_null_origin] || false
end

Public Instance Methods

call(env) click to toggle source
# File lib/classes/cors_gate_origin_processor.rb, line 12
def call(env)
  if @remove_null_origin
    # Consider Chrome's "null" origin the same as no origin being set at all

    env.delete('HTTP_ORIGIN') if env['HTTP_ORIGIN'] == 'null'
    env.delete('HTTP_X_ORIGIN') if env['HTTP_X_ORIGIN'] == 'null'
  end

  # Use referer header if no origin-header is present

  origin = env['HTTP_X_ORIGIN'] || env['HTTP_ORIGIN']
  referer = env['HTTP_REFERER']

  if origin.nil? && referer
    env['HTTP_ORIGIN'] = referer_to_origin(referer)
  end

  @app.call(env)
end

Private Instance Methods

is_standard_port(uri) click to toggle source
# File lib/classes/cors_gate_origin_processor.rb, line 44
def is_standard_port(uri)
  return true if uri.scheme == 'https' && uri.port == 443
  return true if uri.scheme == 'http' && uri.port == 80
  false
end
referer_to_origin(referer) click to toggle source
# File lib/classes/cors_gate_origin_processor.rb, line 34
def referer_to_origin(referer)
  uri = URI(referer)

  if is_standard_port(uri)
    "#{uri.scheme}://#{uri.host}"
  else
    "#{uri.scheme}://#{uri.host}:#{uri.port}"
  end
end