class Actn::Api::Mw::Cors

Attributes

options[RW]

Public Class Methods

new(app)
# File lib/actn/api/mw/cors.rb, line 16
# Stores the next Rack application in the middleware chain.
#
# @param app [#call] downstream Rack application kept in @app
def initialize(app)
  @app = app
end

Public Instance Methods

call(env)
Calls superclass method
# File lib/actn/api/mw/cors.rb, line 20
# Rack entry point.
#
# Every OPTIONS request is answered here with a 200, an empty body and the
# CORS headers (built without a CSRF token); it never reaches the superclass.
# The check is on the request method only, so this also covers OPTIONS
# requests that are not CORS preflights. All other methods are delegated to
# the superclass implementation.
#
# @param env [Hash] Rack environment
# @return [Array] Rack response triple
def call(env)
  preflight = env['REQUEST_METHOD'] == 'OPTIONS'
  return super(env) unless preflight

  [200, cors_headers(env, false), []]
end
post_process(env, status, headers, body)
# File lib/actn/api/mw/cors.rb, line 28
# Adds the CORS headers to a response produced downstream.
#
# The CORS headers are the base of the merge, so a header the application
# already set under the same (case-sensitive) key wins over the CORS default.
#
# @param env [Hash] Rack environment
# @param status [Integer] response status, passed through untouched
# @param headers [Hash] response headers from the application
# @param body [#each] response body, passed through untouched
# @return [Array] Rack response triple
def post_process(env, status, headers, body)
  [status, cors_headers(env).merge(headers), body]
end

Private Instance Methods

cors_headers(env, csrf = true)
# File lib/actn/api/mw/cors.rb, line 37
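# Builds the CORS response headers for one request.
#
# NOTE(review): the request's Origin header is echoed back verbatim while
# Access-Control-Allow-Credentials is 'true'. Together these let any web
# origin send credentialed requests and read the responses, including the
# CSRF token exposed through X_CSRF_TOKEN below, which removes the protection
# the token is meant to give. The usual mitigation is to reflect the origin
# only after matching it against an explicit allowlist; no allowlist is
# visible in this file, so the reflection is kept as is and flagged here.
#
# Changes from the previous version: Access-Control-Allow-Origin is no longer
# emitted with a nil/empty value when the request has no Origin header, and
# 'Vary: Origin' is added so caches do not serve a response built for one
# origin to another.
#
# @param env [Hash] Rack environment
# @param csrf [Boolean] when true, adds the Rack::Csrf token as X_CSRF_TOKEN
# @return [Hash{String => String}] headers to merge into the response
def cors_headers(env, csrf = true)
  origin = env['HTTP_ORIGIN'].to_s

  headers = {}
  headers['Access-Control-Allow-Credentials'] = 'true'
  # Rack header values must be Strings; skip the header when there is no
  # Origin to reflect instead of emitting nil.
  headers['Access-Control-Allow-Origin'] = origin unless origin.empty?
  # The response differs per Origin, so shared caches must key on it.
  headers['Vary'] = 'Origin'
  headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, PATCH, DELETE, OPTIONS'
  # With credentials enabled, browsers treat the leading '*' as a literal
  # header name rather than a wildcard; the explicit list is what matters.
  headers['Access-Control-Allow-Headers'] = '*, X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization, Origin, Accept, Content-Type, Referer'
  headers['Access-Control-Expose-Headers'] = 'X_CSRF_TOKEN, X_APIKEY'
  headers['Access-Control-Max-Age'] = Client::TTL.to_s
  headers['P3P'] = 'CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"'

  headers['X_CSRF_TOKEN'] = Rack::Csrf.token(env) if csrf

  # Access-Control-Request-Headers is client-controlled. Keeping only word
  # characters, '-' and ',' strips CR/LF and whitespace, so the value cannot
  # inject extra response headers. Whatever survives is approved as requested.
  requested = env['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'].to_s.gsub(/[^\w\-\,]+/, '')
  headers['Access-Control-Allow-Headers'] += ",#{requested}" unless requested.empty?

  headers
end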