Merge pull request #1012 from internetee/add-handling-of-cors-headers

Ensure cors headers are also returned for other requests
Timo Võhmar 2018-10-17 11:54:54 +03:00 committed by GitHub
commit c02f98abc1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 22 additions and 4 deletions


@ -9,7 +9,7 @@ module Api
end
def set_access_control_headers
response.headers['Access-Control-Allow-Origin'] = '*'
response.headers['Access-Control-Allow-Origin'] = request.headers['Origin']
response.headers['Access-Control-Allow-Methods'] = 'POST, GET, PUT, PATCH, DELETE, OPTIONS'
response.headers['Access-Control-Allow-Headers'] = 'Origin, Content-Type, Accept, ' \
'Authorization, Token, Auth-Token, '\
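Review bot: The new `Access-Control-Allow-Origin` line reflects whatever `request.headers['Origin']` contains without any allowlist, which is no tighter than the `*` it replaces and, should `Access-Control-Allow-Credentials` ever be added to this method, would let any site read authenticated responses; compare the value against a configured list of permitted origins before echoing it. Because the response now differs per origin, it must also carry `response.headers['Vary'] = 'Origin'` so shared caches do not serve one origin's header to another. When the request has no `Origin` header the assignment stores `nil`, and what Rails emits for that is not visible here, so the nil case is worth an explicit guard. The same reflection-without-allowlist and missing `Vary` apply to `set_cors_header` in the AuthController and BaseController hunks. `set_access_control_headers` continues past the end of this hunk.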


@ -5,6 +5,7 @@ module Api
module V1
module Registrant
class AuthController < ActionController::API
before_action :set_cors_header
before_action :check_ip_whitelist
rescue_from(ActionController::ParameterMissing) do |parameter_missing_exception|
@ -27,6 +28,10 @@ module Api
private
def set_cors_header
response.headers['Access-Control-Allow-Origin'] = request.headers['Origin']
end
def eid_params
required_params = %i[ident first_name last_name]
required_params.each_with_object(params) do |key, obj|
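Review bot: `set_cors_header` is now defined identically in AuthController and again in BaseController, and both duplicate the `Access-Control-Allow-Origin` line that `set_access_control_headers` in the first file already sets, so any later tightening (an origin allowlist, `Vary: Origin`) has to be made in three places and can easily drift. Pull the header logic into a single concern included by both controllers and have the options handler call it as well. The method also has no comment explaining why it runs before `check_ip_whitelist`; a one-liner such as `# Runs first so rejected (403/401) responses still carry the CORS header the browser needs to surface the error` would make the ordering intentional rather than accidental.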


@ -5,6 +5,7 @@ module Api
module V1
module Registrant
class BaseController < ActionController::API
before_action :set_cors_header
before_action :authenticate
before_action :set_paper_trail_whodunnit
@ -17,6 +18,10 @@ module Api
private
def set_cors_header
response.headers['Access-Control-Allow-Origin'] = request.headers['Origin']
end
def bearer_token
pattern = /^Bearer /
header = request.headers['Authorization']


@ -2,7 +2,7 @@ require 'test_helper'
class RegistrantApiCorsHeadersTest < ApplicationIntegrationTest
def test_returns_200_response_code_for_options_request
options '/api/v1/registrant/auth/eid', {}
options '/api/v1/registrant/auth/eid', {}, { 'Origin' => 'https://example.com' }
assert_equal('200', response.code)
end
@ -10,7 +10,7 @@ class RegistrantApiCorsHeadersTest < ApplicationIntegrationTest
def test_returns_expected_headers_for_options_requests
options '/api/v1/registrant/auth/eid', {}, { 'Origin' => 'https://example.com' }
assert_equal('*', response.headers['Access-Control-Allow-Origin'])
assert_equal('https://example.com', response.headers['Access-Control-Allow-Origin'])
assert_equal('POST, GET, PUT, PATCH, DELETE, OPTIONS',
response.headers['Access-Control-Allow-Methods'])
assert_equal('Origin, Content-Type, Accept, Authorization, Token, Auth-Token, Email, ' \
@ -20,8 +20,16 @@ class RegistrantApiCorsHeadersTest < ApplicationIntegrationTest
end
def test_returns_empty_body
options '/api/v1/registrant/auth/eid', {}
options '/api/v1/registrant/auth/eid', { 'Origin' => 'https://example.com' }
assert_equal('', response.body)
end
def test_it_returns_cors_headers_for_other_requests
post '/api/v1/registrant/auth/eid', {}, { 'Origin' => 'https://example.com' }
assert_equal('https://example.com', response.headers['Access-Control-Allow-Origin'])
get '/api/v1/registrant/contacts', {}, { 'Origin' => 'https://example.com' }
assert_equal('https://example.com', response.headers['Access-Control-Allow-Origin'])
end
end
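Review bot: In `test_returns_empty_body` the new call passes the Origin hash as the second argument, `options '/api/v1/registrant/auth/eid', { 'Origin' => 'https://example.com' }`, which the other tests in this file treat as the params position with headers third; as written the request carries no `Origin` header and the test no longer exercises the path the commit introduces. It should read `options '/api/v1/registrant/auth/eid', {}, { 'Origin' => 'https://example.com' }` to match `test_returns_200_response_code_for_options_request`. The new `test_it_returns_cors_headers_for_other_requests` only covers the happy path; a case without an `Origin` header asserting what `Access-Control-Allow-Origin` contains then, and an assertion that `Vary` includes `Origin`, would pin down the behavior the reflection change relies on.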