improve compatibility to old rack versions, fixes #36
This commit is contained in:
parent
cc76630d82
commit
73bfb25eeb
|
@ -1,12 +1,19 @@
|
|||
---
|
||||
rvm:
|
||||
- 1.8.7
|
||||
- 1.9.2
|
||||
- 1.9.3
|
||||
- rbx-18mode
|
||||
- rbx-19mode
|
||||
- jruby
|
||||
- ruby-head
|
||||
notifications:
|
||||
recipients:
|
||||
- k.haase@finn.de
|
||||
rvm: [1.8.7, 1.9.2, 1.9.3, rbx-18mode, rbx-19mode, jruby-18mode, jruby-19mode, jruby-head, ruby-head]
|
||||
env: [rack=1.1.3, rack=stable, rack=master]
|
||||
matrix:
|
||||
include:
|
||||
- { rvm: 1.8.7, env: rack=1.1.3 }
|
||||
- { rvm: 1.9.2, env: rack=stable }
|
||||
- { rvm: 1.9.3, env: rack=1.1.3 }
|
||||
- { rvm: 1.9.3, env: rack=stable }
|
||||
- { rvm: 1.9.3, env: rack=master }
|
||||
- { rvm: rbx-18mode, env: rack=1.1.3 }
|
||||
- { rvm: rbx-19mode, env: rack=stable }
|
||||
- { rvm: jruby-18mode, env: rack=1.1.3 }
|
||||
- { rvm: jruby-19mode, env: rack=stable }
|
||||
- { rvm: jruby-head, env: rack=stable }
|
||||
- { rvm: ruby-head, env: rack=master }
|
||||
allow_failures:
|
||||
- { rvm: ruby-head }
|
||||
- { rvm: jruby-head }
|
||||
|
|
|
@ -1,3 +1,10 @@
|
|||
source "http://rubygems.org" unless ENV['QUICK']
|
||||
source "http://rubygems.org"
|
||||
|
||||
gem 'rake'
|
||||
|
||||
rack_version = ENV['rack'].to_s
|
||||
rack_version = nil if rack_version.empty? or rack_version == 'stable'
|
||||
rack_version = {:github => 'rack/rack'} if rack_version == 'master'
|
||||
gem 'rack', rack_version
|
||||
|
||||
gemspec
|
||||
|
|
|
@ -11,20 +11,20 @@ module Rack
|
|||
# Does not accept unsafe HTTP requests when value of Origin HTTP request header
|
||||
# does not match default or whitelisted URIs.
|
||||
class HttpOrigin < Base
|
||||
DEFAULT_PORTS = { 'http' => 80, 'https' => 443, 'coffee' => 80 }
|
||||
default_reaction :deny
|
||||
|
||||
def base_url(env)
|
||||
request = Rack::Request.new(env)
|
||||
port = ":#{request.port}" unless request.port == DEFAULT_PORTS[request.scheme]
|
||||
"#{request.scheme}://#{request.host}#{port}"
|
||||
end
|
||||
|
||||
def accepts?(env)
|
||||
# only for unsafe request methods
|
||||
safe?(env) and return true
|
||||
# ignore if origin is not set
|
||||
origin = env['HTTP_ORIGIN'] or return true
|
||||
|
||||
# check base url
|
||||
Request.new(env).base_url == origin and return true
|
||||
|
||||
# check whitelist
|
||||
options[:origin_whitelist] or return false
|
||||
options[:origin_whitelist].include?(origin)
|
||||
return true if safe? env
|
||||
return true unless origin = env['HTTP_ORIGIN']
|
||||
return true if base_url(env) == origin
|
||||
Array(options[:origin_whitelist]).include? origin
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
require 'rack/protection'
|
||||
require 'rack/test'
|
||||
require 'rack'
|
||||
require 'forwardable'
|
||||
require 'stringio'
|
||||
|
||||
|
@ -21,6 +22,10 @@ if version == "1.3"
|
|||
end
|
||||
end
|
||||
|
||||
unless Rack::MockResponse.method_defined? :header
|
||||
Rack::MockResponse.send(:alias_method, :header, :headers)
|
||||
end
|
||||
|
||||
module DummyApp
|
||||
def self.call(env)
|
||||
Thread.current[:last_env] = env
|
||||
|
|
Loading…
Reference in New Issue