nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Cross-Origin Resource Sharing

Browse source 
Remove partial support for CORS on webfinger routes and replace
it with the Rack::Cors middleware. This provides more complete
CORS support and works around a caching issue with nginx on
Heroku and potentially other reverse proxies.

CORS headers are only added if the incoming request includes
an "Origin" header, which seems to be correct according to
the CORS spec.

closes #2216
This commit is contained in:
Steven Hancock 2012-03-10 17:26:39 -08:00
parent 854735dc52
commit f2922c943c
4 changed files with 15 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
Gemfile
View file

@ -8,6 +8,10 @@ gem 'whenever'
gem 'thin', '~> 1.3.1', :require => false gem 'thin', '~> 1.3.1', :require => false
# cross-origin resource sharing
gem 'rack-cors', '~> 0.2.4', :require => 'rack/cors'
# authentication # authentication
gem 'devise', '~> 1.3.1' gem 'devise', '~> 1.3.1'

3
Gemfile.lock
View file

@ -300,6 +300,8 @@ GEM
polyglot (0.3.3) polyglot (0.3.3)
proxies (0.2.1) proxies (0.2.1)
rack (1.2.5) rack (1.2.5)
rack-cors (0.2.4)
rack
rack-fiber_pool (0.9.2) rack-fiber_pool (0.9.2)
rack-google-analytics (0.10.0) rack-google-analytics (0.10.0)
rack-mobile-detect (0.3.0) rack-mobile-detect (0.3.0)
@ -496,6 +498,7 @@ DEPENDENCIES
omniauth-twitter omniauth-twitter
parallel_tests parallel_tests
pg pg
rack-cors (~> 0.2.4)
rack-google-analytics rack-google-analytics
rack-piwik rack-piwik
rack-rewrite (~> 1.2.1) rack-rewrite (~> 1.2.1)

9
app/controllers/publics_controller.rb
View file

@ -12,12 +12,11 @@ class PublicsController < ApplicationController
# We use newrelic_ignore to prevent artifical RPM bloat; however, # We use newrelic_ignore to prevent artifical RPM bloat; however,
# I am commenting this line out for the time being to debug some apparent # I am commenting this line out for the time being to debug some apparent
# issues on Heroku. # issues on Heroku.
# #
# newrelic_ignore if EnviromentConfiguration.using_new_relic? # newrelic_ignore if EnviromentConfiguration.using_new_relic?
skip_before_filter :set_header_data skip_before_filter :set_header_data
skip_before_filter :set_grammatical_gender skip_before_filter :set_grammatical_gender
before_filter :allow_cross_origin, :only => [:hcard, :host_meta, :webfinger]
before_filter :check_for_xml, :only => [:receive, :receive_public] before_filter :check_for_xml, :only => [:receive, :receive_public]
before_filter :authenticate_user!, :only => [:index] before_filter :authenticate_user!, :only => [:index]
@ -82,12 +81,6 @@ class PublicsController < ApplicationController
end end
def allow_cross_origin
headers["Access-Control-Allow-Origin"] = "*"
end
private private
def check_for_xml def check_for_xml

7
config/initializers/cors.rb Normal file
View file

@ -0,0 +1,7 @@
Rails.application.config.middleware.insert 0, Rack::Cors do
allow do
origins '*'
resource '/.well-known/host-meta'
resource '/webfinger'
end
end