Permalink
Browse files

Switch cors origin match to string equality

  • Loading branch information...
1 parent e4ba7a3 commit a625497fcf3346719b3547b5f48d308e35d9f052 @timewald timewald committed Mar 30, 2013
@@ -15,27 +15,27 @@
[io.pedestal.service.log :as log]
[ring.util.response :as ring-response]))
-(defn allowed?
- [allowed-origins origin]
- (some #(re-find % origin) allowed-origins))
(definterceptorfn allow-origin
[allowed-origins]
- (around ::allow-origin
- (fn [context]
- (if-let [origin (get-in context [:request :headers "origin"])]
- (let [allowed (allowed? allowed-origins origin)]
- (log/debug :msg "cors processing"
- :origin origin
- :allowed allowed)
- (if allowed
- (assoc context :cors-headers {"Access-Control-Allow-Origin" origin})
- (assoc context :response {:status 403 :body "Forbidden" :headers {}})))
- context))
- (fn [context]
- (if-not (servlet-interceptor/response-sent? context)
- (update-in context [:response :headers] merge (:cors-headers context))
- context))))
+ (let [allowed? (if (fn? allowed-origins)
+ allowed-origins
+ (fn [origin] (some #(= % origin) (seq allowed-origins))))]
+ (around ::allow-origin
+ (fn [context]
+ (if-let [origin (get-in context [:request :headers "origin"])]
+ (let [allowed (allowed? origin)]
+ (log/debug :msg "cors processing"
+ :origin origin
+ :allowed allowed)
+ (if allowed
+ (assoc context :cors-headers {"Access-Control-Allow-Origin" origin})
+ (assoc context :response {:status 403 :body "Forbidden" :headers {}})))
+ context))
+ (fn [context]
+ (if-not (servlet-interceptor/response-sent? context)
+ (update-in context [:response :headers] merge (:cors-headers context))
+ context)))))
(defbefore dev-allow-origin
[context]
@@ -29,7 +29,7 @@
(def app
(::service/service-fn (-> {::service/routes routes
- ::service/allowed-origins [#"foo.com"]}
+ ::service/allowed-origins ["http://foo.com:8080"]}
service/default-interceptors
service/service-fn)))
@@ -59,7 +59,7 @@
(end-event-stream sse-context)
(deliver semaphore (.isCommitted (:servlet-response sse-context))))
interceptor-context (interceptor/enqueue fake-context
- (cors/allow-origin [#"foo.com"])
+ (cors/allow-origin ["http://foo.com:8080"])
(start-event-stream sse-rig))]
(log/info :context interceptor-context
:queue (seq (:io.pedestal.service.impl.interceptor/queue interceptor-context)))

0 comments on commit a625497

Please sign in to comment.