Allow different protocols, don't assume http #17

sandstrom opened this Issue Jan 15, 2013 · 0 comments


None yet

2 participants

First, this is a great rack application, I was thrilled to find it!

A minor thing that I ran into though:

The app won't work with our origin content:// (used by among others). I solved it using a regular expression /content\:\/\/com\.skovik\.mobile/ which gets special treatment.

My suggestions for improvements:

  1. If a protocol is specified, pass the entire origin string through.†
  2. When no protocol is specified, allow any protocol. This would require some work, separating the protocol from domain in the logic determining origin matches.

† Look for :// to determine if a protocol is included, the current code checks specifically for file://, https:// and http:// allow them through.

For reference, this is the code I'm using:

config.middleware.use Rack::Cors do
  allow do
    origins /content\:\/\/com\.company\.app/
    resource '*', :headers => :any, :methods => [:get, :post, :put, :patch, :delete, :options]
@cyu cyu closed this in e2a08d4 Oct 19, 2014
@cyu cyu self-assigned this Oct 19, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment