class Actn::Api::Mw::Cors
Attributes
options[RW]
Public Class Methods
new(app)
# File lib/actn/api/mw/cors.rb, line 16
# Stores the wrapped application on the middleware instance.
#
# @param app [Object] the object this middleware wraps; kept in @app
def initialize(app)
  @app = app
end
Public Instance Methods
call(env)
Calls superclass method
# File lib/actn/api/mw/cors.rb, line 20
# Rack entry point. OPTIONS requests are answered here and are not passed to
# the superclass; every other method is handed to the superclass
# implementation.
#
# The OPTIONS reply is a 200 with an empty body and the CORS headers built
# with csrf = false, so no X_CSRF_TOKEN header is added to it.
#
# @param env [Hash] Rack environment of the current request
# @return [Array] [200, headers, []] for OPTIONS, else whatever super returns
def call(env)
  return [200, cors_headers(env, false), []] if env['REQUEST_METHOD'] == 'OPTIONS'

  super(env)
end
post_process(env, status, headers, body)
# File lib/actn/api/mw/cors.rb, line 28
# Adds the CORS headers to a response triple.
#
# The CORS headers are the receiver of the merge, so on a key collision the
# value already present in the incoming headers wins over the CORS default.
# cors_headers is called with its default csrf = true here.
#
# @param env [Hash] Rack environment of the current request
# @param status [Object] response status, returned unchanged
# @param headers [Hash] response headers produced so far
# @param body [Object] response body, returned unchanged
# @return [Array] [status, merged_headers, body]
def post_process(env, status, headers, body)
  merged = cors_headers(env).merge(headers)
  [status, merged, body]
end
Private Instance Methods
cors_headers(env, csrf = true)
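# File lib/actn/api/mw/cors.rb, line 37
# Builds the CORS response headers for one request.
#
# SECURITY NOTE(review): the request's Origin is echoed back verbatim
# together with Access-Control-Allow-Credentials: true, so every origin is
# trusted for credentialed cross-origin reads. Because X_CSRF_TOKEN is also
# listed in Access-Control-Expose-Headers, the CSRF token becomes readable
# cross-origin, which undermines the CSRF check it is meant to support.
# Origin should be compared against an explicit allowlist before it is
# reflected. No allowlist source is visible in this listing, so the
# reflection is kept as-is and flagged here rather than silently changed.
#
# Changes from the previous version:
# * Access-Control-Allow-Origin is omitted when the request carries no
#   Origin header, instead of being set to nil (Rack header values must be
#   Strings).
# * Vary: Origin is added, since the response differs per Origin and a shared
#   cache must not serve one origin's response to another.
#
# @param env [Hash] Rack environment of the current request
# @param csrf [Boolean] when true, add an X_CSRF_TOKEN header from Rack::Csrf
# @return [Hash{String => String}] CORS headers for the response
def cors_headers(env, csrf = true)
  headers = {
    'Access-Control-Allow-Credentials' => 'true',
    'Access-Control-Allow-Methods' => 'GET, POST, PUT, PATCH, DELETE, OPTIONS',
    # NOTE(review): on credentialed requests browsers treat '*' here as a
    # literal header name, not a wildcard; the explicit names do the work.
    'Access-Control-Allow-Headers' => '*, X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization, Origin, Accept, Content-Type, Referer',
    'Access-Control-Expose-Headers' => 'X_CSRF_TOKEN, X_APIKEY',
    'Access-Control-Max-Age' => Client::TTL.to_s,
    'P3P' => 'CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"',
    'Vary' => 'Origin'
  }

  # Reflect the caller's Origin only when one was actually sent.
  origin = env['HTTP_ORIGIN'].to_s
  headers['Access-Control-Allow-Origin'] = origin unless origin.empty?

  headers['X_CSRF_TOKEN'] = Rack::Csrf.token(env) if csrf

  # Header names requested by the client are approved as sent, after removing
  # everything except word characters, '-' and ',' so no whitespace or control
  # characters can reach the response header.
  requested = env['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'].to_s.gsub(/[^\w\-\,]+/, '')
  headers['Access-Control-Allow-Headers'] += ",#{requested}" unless requested.empty?

  headers
end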