Class: Profiler::Middleware::CorsMiddleware

Inherits:

Object

• Object
• Profiler::Middleware::CorsMiddleware

Defined in:

lib/profiler/middleware/cors_middleware.rb

Instance Method Summary

• #call(env) ⇒ Object
• #initialize(app) ⇒ CorsMiddleware constructor

  A new instance of CorsMiddleware.

Constructor Details

#initialize(app) ⇒ CorsMiddleware

Returns a new instance of CorsMiddleware.

# File 'lib/profiler/middleware/cors_middleware.rb', line 6

def initialize(app)
  @app = app
end

Instance Method Details

#call(env) ⇒ Object

# File 'lib/profiler/middleware/cors_middleware.rb', line 10

def call(env)
  # Apply CORS and frame options to all profiler endpoints
  if env['PATH_INFO'].start_with?('/_profiler/')
    # Handle OPTIONS preflight request
    if env['REQUEST_METHOD'] == 'OPTIONS'
      return [
        200,
        cors_headers(env),
        ['']
      ]
    end

    status, headers, body = @app.call(env)

    # Add CORS headers
    cors_headers(env).each do |key, value|
      headers[key] = value
    end

    # Allow embedding in iframes from Chrome extensions
    headers.delete('X-Frame-Options')
    # Don't set CSP if controller requested to skip it
    unless env['profiler.skip_csp']
      # Allow embedding from standard web origins
      headers['Content-Security-Policy'] = "frame-ancestors 'self' http: https:"
    end

    [status, headers, body]
  else
    @app.call(env)
  end
end