-
Notifications
You must be signed in to change notification settings - Fork 73
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
signup controller handles CORS by itself #2739
Conversation
Failures seem to be because of shoulda instability. |
I wonder if we could just ignore some paths in our CORS lib instead, like adding a global setting in the config: ignore:
- path: /p/signup |
It is possible to make it configuration. But this particular exception is kind of code induced. And I find it more reasonable to have it handled in code as well. Please ignore failing tests and merge if you agree to keep in code. Or let me know if you want me to make it configuration. |
Well I prefer it is a configuration, later if we want to change for another forgotten controller we should be able to do that as well without redeploying another code. Another valid reason I do not think the CORS class should know anything about the controller |
Ok, I'm checking how to do it. I don't like configuration that should by no use case be changed though. I don't mean if we find or implement something that needs it. I mean users should never change it. |
How about testing, should we test the configuration file that it ignores signup controller or leave it to some other system? |
About testing, this basically can be a gem on its own, adding more functionality to Rack::Cors |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would do it with the configuration, In suggestions this is how I would do it. Not completely implemented but that is the idea
e9c4d71
to
4557ace
Compare
Updated, please check again. I didn't notice your suggested changes so I implemented in a little bit different way. One thing is that I wanted to use I also extended tests. I added a test for the example configuration files. I'm not sure if this was the proper way. Another thing I changed is to completely avoid inserting the middleware when it is disabled. This bugged me from the beginning, that we always inserted it. So let me know any suggestions that you have. |
4557ace
to
7b4566b
Compare
7b4566b
to
d6ac5ca
Compare
d6ac5ca
to
30d3a73
Compare
rack-cors
gem handles all pre-flight requests but signup controller has itsown way of handling these. So we make rack-cors skip handling of requests
with the signup controller path.
Otherwise 3scale.net signup form gets broken.
To test you need cors enabled in
config/cors.yml
. The this is with the fix:Without the fix: