From e6ac6809d11a3c699c82464ce17358722d8f347f Mon Sep 17 00:00:00 2001 From: Jason Desrosiers Date: Tue, 25 Jul 2017 19:02:48 -0700 Subject: [PATCH] Update for Sinatra 2.0 --- Gemfile | 4 ++-- README.md | 29 +++++++++++++++++++++-------- lib/sinatra/cors.rb | 4 +++- sinatra-cors.gemspec | 4 ++-- spec/cors_spec.rb | 2 +- spec/fixture.rb | 10 ++++------ 6 files changed, 33 insertions(+), 20 deletions(-) diff --git a/Gemfile b/Gemfile index 81a863f..6c08b3f 100644 --- a/Gemfile +++ b/Gemfile @@ -1,5 +1,5 @@ source "https://rubygems.org" gem 'guard-rspec', '~> 4.7', '>= 4.7.3' -gem 'rack-test', '~> 0.6.3' -gem 'sinatra', '~> 1.4', '>= 1.4.8' +gem 'rack-test', '~> 0.7.0' +gem 'sinatra', '~> 2.0' diff --git a/README.md b/README.md index e01773f..93b9070 100644 --- a/README.md +++ b/README.md @@ -12,23 +12,36 @@ Quick Start ----------- The following is an example of how to create a CORS enabled route with some typical default configuration. -**IMPORTANT:** The plugin handles OPTIONS requests automatically, but if you have reason to add OPTIONS routes for some or all of your routes manually, you will need to put the `register Sinatra::Cors` line after the OPTIONS routes that you create. - -**IMPORTANT:** The CORS settings must come after the `register Sinatra::Cors` line. - ```ruby require "sinatra" require "sinatra/cors" +set :allow_origin, "http://example.com http://foo.com" +set :allow_methods, "GET HEAD POST" +set :allow_headers, "content-type" + get "/foo" do "foo" end +``` -register Sinatra::Cors +Or, for a modular style application. -set :allow_origin, "http://example.com http://foo.com" -set :allow_methods, "GET HEAD POST" -set :allow_headers, "content-type" +```ruby +require "sinatra" +require "sinatra/cors" + +class Foo < Sinatra::Base + register Sinatra::Cors + + set :allow_origin, "http://example.com http://foo.com" + set :allow_methods, "GET HEAD POST" + set :allow_headers, "content-type" + + get "/foo" do + "foo" + end +end ``` Settings diff --git a/lib/sinatra/cors.rb b/lib/sinatra/cors.rb index f8e8c39..f4e17ba 100644 --- a/lib/sinatra/cors.rb +++ b/lib/sinatra/cors.rb @@ -61,7 +61,7 @@ def allowed_methods matches = [] settings.routes.each do |method, routes| routes.each do |route| - process_route(route[0], route[1], route[2]) do |application, pattern| + process_route(route[0], route[1]) do |application, pattern| matches << method end end @@ -118,4 +118,6 @@ def self.registered(app) end end end + + register Cors end diff --git a/sinatra-cors.gemspec b/sinatra-cors.gemspec index 60ed508..1a01a0d 100644 --- a/sinatra-cors.gemspec +++ b/sinatra-cors.gemspec @@ -1,7 +1,7 @@ Gem::Specification.new do |s| s.name = "sinatra-cors" - s.version = "0.2.0" - s.date = "2017-06-28" + s.version = "1.0.0" + s.date = "2017-07-25" s.summary = "CORS support for Sinatra applications" s.description = <<-EOT This Sinatra plugin supports the full CORS spec including automatic support for CORS preflight (OPTIONS) requests. It uses CORS security best practices. The plugin logs to the default logger to guide you in setting things up properly. It will tell you why a CORS request failed and tell you how to fix it. diff --git a/spec/cors_spec.rb b/spec/cors_spec.rb index 432d275..a6a8720 100644 --- a/spec/cors_spec.rb +++ b/spec/cors_spec.rb @@ -62,7 +62,7 @@ def app end it "should have an Allow header build from existing routes" do - expect(last_response["Allow"]).to eq("GET HEAD DELETE OPTIONS") + expect(last_response["Allow"]).to eq("OPTIONS GET HEAD DELETE") end it "should have an Access-Control-Allow-Methods header that includes only the method requested" do diff --git a/spec/fixture.rb b/spec/fixture.rb index f2e39d9..350ef40 100644 --- a/spec/fixture.rb +++ b/spec/fixture.rb @@ -1,6 +1,10 @@ require "sinatra" require "./lib/sinatra/cors" +set :allow_origin, "http://example.com http://foo.com" +set :allow_methods, "GET HEAD POST" +set :allow_headers, "content-type if-modified-since" + get "/foo/:id" do "foo" end @@ -12,9 +16,3 @@ post "/bar/:id" do "bar" end - -register Sinatra::Cors - -set :allow_origin, "http://example.com http://foo.com" -set :allow_methods, "GET HEAD POST" -set :allow_headers, "content-type if-modified-since"