Fix bug with OPTIONS requests that were not for font assets

lib/font_assets/middleware.rb

@@ -21,20 +21,30 @@ def access_control_headers
     end
 
     def call(env)
-      @ssl_request = Rack::Request.new(env).scheme == "https"
+      @path = env["PATH_INFO"]
+
+      if font_asset?
+        set_cross_origin_headers(env)
+      else
+        @app.call(env)
+      end
+    end
+
+
+    private
+
+    def set_cross_origin_headers(env)
+      @ssl_request = Rack::Request.new(env).ssl?
       # intercept the "preflight" request
       if env["REQUEST_METHOD"] == "OPTIONS"
         return [200, access_control_headers, []]
       else
         code, headers, body = @app.call(env)
-        set_headers! headers, body, env["PATH_INFO"]
+        set_headers!(headers, body)
         [code, headers, body]
       end
     end
 
-
-    private
-
     def origin
       if !wildcard_origin? and allow_ssl? and ssl_request?
         uri = URI(@origin)
@@ -57,26 +67,24 @@ def allow_ssl?
       @options[:allow_ssl]
     end
 
-    def extension(path)
-      if path.nil? || path.length == 0
+    def extension
+      if @path.nil? || @path.length == 0
         nil
       else
-        "." + path.split("?").first.split(".").last
+        "." + @path.split("?").first.split(".").last
       end
     end
 
-    def font_asset?(path)
-      @mime_types.font? extension(path)
+    def font_asset?
+      @mime_types.font? extension
     end
 
-    def set_headers!(headers, body, path)
-      if ext = extension(path) and font_asset?(ext)
-        headers.merge!(access_control_headers)
-        headers.merge!('Content-Type' => mime_type(ext)) if headers['Content-Type']
-      end
+    def set_headers!(headers, body)
+      headers.merge!(access_control_headers)
+      headers.merge!('Content-Type' => mime_type) if headers['Content-Type']
     end
 
-    def mime_type(extension)
+    def mime_type
       @mime_types[extension]
     end
   end

spec/middleware_spec.rb

@@ -138,24 +138,42 @@
 
   context 'for OPTIONS requests' do
     let(:app) { load_app 'http://test.options' }
-    let(:response) { request app, '/test.ttf', :method => 'OPTIONS' }
 
-    context 'the response headers' do
-      subject { response[1] }
+    context 'to font assets' do
+      let(:response) { request app, '/test.ttf', :method => 'OPTIONS' }
+
+      context 'the response headers' do
+        subject { response[1] }
+
+        its(["Access-Control-Allow-Headers"]) { should == "x-requested-with" }
+        its(["Access-Control-Max-Age"]) { should == "3628800" }
+        its(['Access-Control-Allow-Methods']) { should == 'GET' }
+        its(['Access-Control-Allow-Origin']) { should == 'http://test.options' }
 
-      its(["Access-Control-Allow-Headers"]) { should == "x-requested-with" }
-      its(["Access-Control-Max-Age"]) { should == "3628800" }
-      its(['Access-Control-Allow-Methods']) { should == 'GET' }
-      its(['Access-Control-Allow-Origin']) { should == 'http://test.options' }
+        it 'should not contain a Content-Type' do
+          subject['Content-Type'].should be_nil
+        end
+      end
 
-      it 'should not contain a Content-Type' do
-        subject['Content-Type'].should be_nil
+      context 'the response body' do
+        subject { response[2] }
+        it { should be_empty }
       end
     end
 
-    context 'the response body' do
-      subject { response[2] }
-      it { should be_empty }
+    context 'to non-font assets' do
+      let(:response) { request app, '/', :method => 'OPTIONS' }
+
+      context 'the response headers' do
+        subject { response[1] }
+
+        its(["Access-Control-Allow-Headers"]) { should be_nil }
+        its(["Access-Control-Max-Age"]) { should be_nil }
+        its(['Access-Control-Allow-Methods']) { should be_nil }
+        its(['Access-Control-Allow-Origin']) { should be_nil }
+        its(['Content-Type']) { should == 'text/plain' }
+      end
+
     end
   end