improve compatibility to old rack versions, fixes #36

2012-12-12 11:03:07 +01:00 · 2012-12-12 11:03:07 +01:00 · 73bfb25eeb
parent cc76630d82
commit 73bfb25eeb
4 changed files with 42 additions and 23 deletions
--- a/rack-protection/.travis.yml
+++ b/rack-protection/.travis.yml
@ -1,12 +1,19 @@
 ---
-rvm:
- 1.8.7
- 1.9.2
- 1.9.3
- rbx-18mode
- rbx-19mode
- jruby
- ruby-head
-notifications:
-  recipients:
-  - k.haase@finn.de
+rvm: [1.8.7, 1.9.2, 1.9.3, rbx-18mode, rbx-19mode, jruby-18mode, jruby-19mode, jruby-head, ruby-head]
+env: [rack=1.1.3, rack=stable, rack=master]
+matrix:
+  include:
+    - { rvm: 1.8.7,         env: rack=1.1.3  }
+    - { rvm: 1.9.2,         env: rack=stable }
+    - { rvm: 1.9.3,         env: rack=1.1.3  }
+    - { rvm: 1.9.3,         env: rack=stable }
+    - { rvm: 1.9.3,         env: rack=master }
+    - { rvm: rbx-18mode,    env: rack=1.1.3  }
+    - { rvm: rbx-19mode,    env: rack=stable }
+    - { rvm: jruby-18mode,  env: rack=1.1.3  }
+    - { rvm: jruby-19mode,  env: rack=stable }
+    - { rvm: jruby-head,    env: rack=stable }
+    - { rvm: ruby-head,     env: rack=master }
+  allow_failures:
+    - { rvm: ruby-head  }
+    - { rvm: jruby-head }
--- a/rack-protection/Gemfile
+++ b/rack-protection/Gemfile
@ -1,3 +1,10 @@
-source "http://rubygems.org" unless ENV['QUICK']
+source "http://rubygems.org"
+
 gem 'rake'
+
+rack_version = ENV['rack'].to_s
+rack_version = nil if rack_version.empty? or rack_version == 'stable'
+rack_version = {:github => 'rack/rack'} if rack_version == 'master'
+gem 'rack', rack_version
+
 gemspec
--- a/rack-protection/lib/rack/protection/http_origin.rb
+++ b/rack-protection/lib/rack/protection/http_origin.rb
@ -11,20 +11,20 @@ module Rack
    # Does not accept unsafe HTTP requests when value of Origin HTTP request header
    # does not match default or whitelisted URIs.
    class HttpOrigin < Base
+      DEFAULT_PORTS = { 'http' => 80, 'https' => 443, 'coffee' => 80 }
      default_reaction :deny

+      def base_url(env)
+        request = Rack::Request.new(env)
+        port = ":#{request.port}" unless request.port == DEFAULT_PORTS[request.scheme]
+        "#{request.scheme}://#{request.host}#{port}"
+      end
+
      def accepts?(env)
-        # only for unsafe request methods
-        safe?(env) and return true
-        # ignore if origin is not set
-        origin = env['HTTP_ORIGIN'] or return true
-
-        # check base url
-        Request.new(env).base_url == origin and return true
-
-        # check whitelist
-        options[:origin_whitelist] or return false
-        options[:origin_whitelist].include?(origin)
+        return true if safe? env
+        return true unless origin = env['HTTP_ORIGIN']
+        return true if base_url(env) == origin
+        Array(options[:origin_whitelist]).include? origin
      end

    end
--- a/rack-protection/spec/spec_helper.rb
+++ b/rack-protection/spec/spec_helper.rb
@ -1,5 +1,6 @@
 require 'rack/protection'
 require 'rack/test'
+require 'rack'
 require 'forwardable'
 require 'stringio'

@ -21,6 +22,10 @@ if version == "1.3"
  end
 end

+unless Rack::MockResponse.method_defined? :header
+  Rack::MockResponse.send(:alias_method, :header, :headers)
+end
+
 module DummyApp
  def self.call(env)
    Thread.current[:last_env] = env