Module: SqlChatbot::Auth::Cors

Defined in:
lib/sql_chatbot/auth/cors.rb

Constant Summary

ALLOWED_METHODS =
"GET, POST, OPTIONS"
ALLOWED_HEADERS =
"Authorization, Content-Type"
MAX_AGE =
"86400"


Class Method Details

.origin_allowed?(origin, allowed_origins) ⇒ Boolean

Returns:

  • (Boolean) — true only when origin exactly matches an entry of allowed_origins (case-sensitive; scheme, host and port must all agree), or, when no allowlist is configured, when origin is a localhost origin and Rails.env is development or test. Everything else — including production with no allowlist — is denied.


# File 'lib/sql_chatbot/auth/cors.rb', line 10

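# Decides whether a request's Origin may be granted CORS headers.
#
# @param origin [String, nil] value of the request's Origin header
# @param allowed_origins [Array<String>, nil] configured allowlist, compared by
#   exact, case-sensitive string equality (scheme, host and port must all match)
# @return [Boolean] true when +origin+ is allowlisted, or — when no allowlist is
#   configured — when it is a localhost origin in development/test. Every other
#   case, including production with no allowlist, is denied (fail closed).
def self.origin_allowed?(origin, allowed_origins)
  # No Origin header (same-origin or non-browser request) gets no CORS grant.
  return false if origin.nil? || origin.empty?

  # "null" is the opaque origin sent by sandboxed iframes, file:// pages and
  # some cross-site redirects. Any page can produce it, so allowlisting the
  # literal string would grant access to arbitrary documents; never match it.
  return false if origin == "null"

  if allowed_origins.is_a?(Array) && allowed_origins.any?
    return allowed_origins.include?(origin)
  end

  # No allowlist configured: only localhost, and only outside production.
  # NOTE(review): a non-Array allowlist (e.g. a raw ENV string) is silently
  # treated as "no allowlist" and falls through here — callers must pass an Array.
  return false unless Rails.env.development? || Rails.env.test?

  # \A..\z anchor the whole string so "http://localhost.evil.example" is rejected;
  # only the literal host "localhost" is accepted, with an optional port.
  origin.match?(/\Ahttps?:\/\/localhost(:\d+)?\z/)
end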

.set_headers(response, origin) ⇒ Object



# File 'lib/sql_chatbot/auth/cors.rb', line 25

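# Writes the CORS response headers for an already-validated origin.
#
# The origin is reflected verbatim into Access-Control-Allow-Origin, so the
# caller MUST have accepted it with .origin_allowed? first; passing an
# unvalidated value here is equivalent to an open CORS policy for the request.
#
# @param response [#headers] Rack/Rails response whose headers hash is written
# @param origin [String] validated Origin value to echo back
# @return [String] the Vary header value written (incidental; do not rely on it)
def self.set_headers(response, origin)
  response.headers["Access-Control-Allow-Origin"] = origin
  response.headers["Access-Control-Allow-Methods"] = ALLOWED_METHODS
  response.headers["Access-Control-Allow-Headers"] = ALLOWED_HEADERS
  # Lets browsers cache the preflight result (MAX_AGE is in seconds).
  response.headers["Access-Control-Max-Age"] = MAX_AGE

  # Allow-Origin varies per request, so shared caches must key on Origin or a
  # response granted to one origin could be served to another. Merge into any
  # existing Vary without duplicating "Origin" and without touching "*" (which
  # already covers everything); an empty existing header is treated as absent.
  vary = response.headers["Vary"].to_s.split(",").map(&:strip).reject(&:empty?)
  vary << "Origin" unless vary.any? { |member| member == "*" || member.casecmp?("Origin") }
  response.headers["Vary"] = vary.join(", ")
end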