Fix use of nil in CORS filter when request doesn't have an Origin header

Thibault Jouan 2012-05-03 20:58:33 +00:00
parent df6d4991f8
commit b40b4d4df3
2 changed files with 10 additions and 1 deletions


@ -5,7 +5,9 @@ class Api::ApplicationController < ApplicationController
before_filter :cor_filter before_filter :cor_filter
def cor_filter def cor_filter
headers['Access-Control-Allow-Origin'] = request.headers['Origin'] headers['Access-Control-Allow-Origin'] = request.headers['Origin'] ?
request.headers['Origin'] :
''
headers['Access-Control-Allow-Credentials'] = 'true' headers['Access-Control-Allow-Credentials'] = 'true'
end end
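Review bot: `cor_filter` still copies whatever `Origin` the client sends into `Access-Control-Allow-Origin` and always sets `Access-Control-Allow-Credentials` to `'true'`, so the nil fix leaves the policy open to every origin. Assuming the API relies on cookies or other ambient credentials, any site a logged-in user visits could make credentialed requests and read the responses. Both headers should be set only when the origin is on an allowlist and omitted otherwise rather than set to `''`, with `Vary: Origin` so caches do not serve one origin's response to another. The 'request without origin' scenario in the spec would then assert the header is absent (`.should be_nil`) instead of `== ''`, and a scenario for a non-allowlisted origin is worth adding. `ALLOWED_ORIGINS` in the sketch below is a placeholder for a project-defined list.

```ruby
def cor_filter
  origin = request.headers['Origin']
  headers['Vary'] = 'Origin'
  # ALLOWED_ORIGINS: placeholder for a project-defined allowlist of trusted origins
  return unless ALLOWED_ORIGINS.include?(origin)
  headers['Access-Control-Allow-Origin'] = origin
  headers['Access-Control-Allow-Credentials'] = 'true'
end
```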


@ -40,4 +40,11 @@ feature 'API cross origin request' do
response.headers['Access-Control-Allow-Origin'].should == origin response.headers['Access-Control-Allow-Origin'].should == origin
response.headers['Access-Control-Allow-Credentials'].should == 'true' response.headers['Access-Control-Allow-Credentials'].should == 'true'
end end
scenario 'request without origin' do
# FIXME: replace with a more stable/generic action
get api_playlists_path(:format => :json)
response.headers['Access-Control-Allow-Origin'].should == ''
end
end end