From 6a4d5a5c42830136191511b2227d2b0234bcad92 Mon Sep 17 00:00:00 2001 From: "Christopher Temple, Henrique Rodrigues and Rob Jones" <christemple+henriquerodrigues+robertjones@notonthehighstreet.com> Date: Fri, 23 Oct 2015 16:51:03 +0100 Subject: [PATCH] Only modufy the headers if it's a font file --- lib/font_assets/middleware.rb | 40 ++++++++++++++++++++------------- spec/middleware_spec.rb | 42 +++++++++++++++++++++++++---------- 2 files changed, 54 insertions(+), 28 deletions(-) diff --git a/lib/font_assets/middleware.rb b/lib/font_assets/middleware.rb index 32dc028..c27d157 100644 --- a/lib/font_assets/middleware.rb +++ b/lib/font_assets/middleware.rb @@ -21,20 +21,30 @@ def access_control_headers end def call(env) - @ssl_request = Rack::Request.new(env).scheme == "https" + @path = env["PATH_INFO"] + + if font_asset? + set_cross_origin_headers(env) + else + @app.call(env) + end + end + + + private + + def set_cross_origin_headers(env) + @ssl_request = Rack::Request.new(env).ssl? # intercept the "preflight" request if env["REQUEST_METHOD"] == "OPTIONS" return [200, access_control_headers, []] else code, headers, body = @app.call(env) - set_headers! headers, body, env["PATH_INFO"] + set_headers!(headers, body) [code, headers, body] end end - - private - def origin if !wildcard_origin? and allow_ssl? and ssl_request? uri = URI(@origin) @@ -57,26 +67,24 @@ def allow_ssl? @options[:allow_ssl] end - def extension(path) - if path.nil? || path.length == 0 + def extension + if @path.nil? || @path.length == 0 nil else - "." + path.split("?").first.split(".").last + "." + @path.split("?").first.split(".").last end end - def font_asset?(path) - @mime_types.font? extension(path) + def font_asset? + @mime_types.font? extension end - def set_headers!(headers, body, path) - if ext = extension(path) and font_asset?(ext) - headers.merge!(access_control_headers) - headers.merge!('Content-Type' => mime_type(ext)) if headers['Content-Type'] - end + def set_headers!(headers, body) + headers.merge!(access_control_headers) + headers.merge!('Content-Type' => mime_type) if headers['Content-Type'] end - def mime_type(extension) + def mime_type @mime_types[extension] end end diff --git a/spec/middleware_spec.rb b/spec/middleware_spec.rb index 8f40b7d..ae0eae8 100644 --- a/spec/middleware_spec.rb +++ b/spec/middleware_spec.rb @@ -138,24 +138,42 @@ context 'for OPTIONS requests' do let(:app) { load_app 'http://test.options' } - let(:response) { request app, '/test.ttf', :method => 'OPTIONS' } - context 'the response headers' do - subject { response[1] } + context 'to font assets' do + let(:response) { request app, '/test.ttf', :method => 'OPTIONS' } + + context 'the response headers' do + subject { response[1] } + + its(["Access-Control-Allow-Headers"]) { should == "x-requested-with" } + its(["Access-Control-Max-Age"]) { should == "3628800" } + its(['Access-Control-Allow-Methods']) { should == 'GET' } + its(['Access-Control-Allow-Origin']) { should == 'http://test.options' } - its(["Access-Control-Allow-Headers"]) { should == "x-requested-with" } - its(["Access-Control-Max-Age"]) { should == "3628800" } - its(['Access-Control-Allow-Methods']) { should == 'GET' } - its(['Access-Control-Allow-Origin']) { should == 'http://test.options' } + it 'should not contain a Content-Type' do + subject['Content-Type'].should be_nil + end + end - it 'should not contain a Content-Type' do - subject['Content-Type'].should be_nil + context 'the response body' do + subject { response[2] } + it { should be_empty } end end - context 'the response body' do - subject { response[2] } - it { should be_empty } + context 'to non-font assets' do + let(:response) { request app, '/', :method => 'OPTIONS' } + + context 'the response headers' do + subject { response[1] } + + its(["Access-Control-Allow-Headers"]) { should be_nil } + its(["Access-Control-Max-Age"]) { should be_nil } + its(['Access-Control-Allow-Methods']) { should be_nil } + its(['Access-Control-Allow-Origin']) { should be_nil } + its(['Content-Type']) { should == 'text/plain' } + end + end end