Attached is some very simple middleware to allow Cross Origin Resource Sharing for a flexible list of domains. The list of domains that is passed as an argument to the middleware can contain the same kind of wildcards that shell globs can (underneath the hood, I use File.fnmatch? to check Origins against patterns).
Add Rack::CORS, middleware for flexibly enabling Cross Origin Resource Sharing for a list of domains or domain patterns
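How glob matching of the Origin header behaves, as an added example that is not the code from this pull request: the class name OriginGlobCORS, the helper acao, the sample app and the sample origins are all assumptions made for illustration. It checks origins with File.fnmatch? as the description says and shows which origins a tight pattern and a loose pattern accept.

```ruby
# Added example: hypothetical names, not the middleware from this pull request.
class OriginGlobCORS
  def initialize(app, patterns)
    @app = app
    @patterns = patterns.freeze # per-instance allow list of glob patterns
  end

  # True when the Origin header value matches one of the glob patterns.
  # Without File::FNM_PATHNAME, "*" also matches "/" and ".", so one star can
  # span several host labels or even the scheme separator.
  def allowed_origin?(origin)
    return false if origin.nil? || origin.empty?
    @patterns.any? { |pattern| File.fnmatch?(pattern, origin) }
  end

  # Rack-style call: env in, [status, headers, body] out.
  def call(env)
    status, headers, body = @app.call(env)
    origin = env["HTTP_ORIGIN"]
    if allowed_origin?(origin)
      headers = headers.merge(
        "Access-Control-Allow-Origin" => origin, # echo only the matched origin
        # tell caches the response depends on the request's Origin
        "Vary" => [headers["Vary"], "Origin"].compact.join(", ")
      )
    end
    [status, headers, body]
  end
end

# Constructed sample app, patterns and origins.
APP = ->(_env) { [200, { "Content-Type" => "text/plain" }, ["ok"]] }
STRICT = OriginGlobCORS.new(APP, ["http://*.example.com", "https://example.com"])
LOOSE  = OriginGlobCORS.new(APP, ["*example.com"])

# Returns the Access-Control-Allow-Origin value the middleware would send.
def acao(middleware, origin)
  _status, headers, _body = middleware.call("HTTP_ORIGIN" => origin)
  headers["Access-Control-Allow-Origin"]
end

if __FILE__ == $PROGRAM_NAME
  ["http://api.example.com", "http://a.b.example.com", "http://example.com",
   "http://api.example.com.other.test", "http://notexample.com"].each do |o|
    puts format("%-36s strict=%-5s loose=%s", o,
                STRICT.allowed_origin?(o), LOOSE.allowed_origin?(o))
  end
end
```

A pattern that pins the scheme and the leading dot ("http://*.example.com") accepts subdomains only, while a pattern with no anchor before the domain ("*example.com") accepts any origin whose text ends in that string.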
Could you not use a class variable here?
Yes. In practice, they'd be no different. I don't actually remember why I had it written this way in the first place, though. Feel free to change it.
@RafeKettler please rewrite this with an instance variable, thanks!
domain_patterns should be an instance variable, which can be fixed up on merge. Other than that, anything that makes CORS easier to deal with gets my vote. I'm especially keen on the presence of test cases.
Might be interesting to compare to the popular font_assets gem https://github.com/ericallam/font_assets/blob/master/lib/font_assets/middleware.rb
@ericallam could we get your feedback on this PR?
notably, this PR doesn't set
"Access-Control-Allow-Methods" => "GET",
"Access-Control-Allow-Headers" => "x-requested-with",
"Access-Control-Max-Age" => "3628800"
and maybe there are other best practices.
There are two very popular CORS gems, https://github.com/cyu/rack-cors and https://github.com/ericallam/font_assets. We should avoid being redundant with these.
rack-cors is actively developed. Does this PR do anything that rack-cors doesn't do? Maybe when this PR was submitted in 2012 rack-cors wasn't sufficient.
I would vote to close this and not merge it unless @RafeKettler or someone else knows that this code does something that rack-cors does not do (and even if that's the case, perhaps it would be more appropriate as a patch to rack-cors).
Good call, @jjb. I wasn't aware of the other available options.
I'll leave this open another couple of days, and if nobody comes up with a reason why this PR is needed, I'll drop it.
Given no objections, and having looked at the other available options and found them quite tasty, I'm closing this PR.