[libplack-middleware-crossorigin-perl] 01/13: Use single comma separated header for IE compatibility
Jonas Smedegaard
dr at jones.dk
Tue Aug 4 10:39:23 UTC 2015
This is an automated email from the git hooks/post-receive script.
js pushed a commit to branch master
in repository libplack-middleware-crossorigin-perl.
commit 69f7b89fbdfecaaa5e8f1eff2edfd01f795d5a8f
Author: Shane Corgatelli <shane at eznettools.com>
Date: Thu Dec 4 17:32:25 2014 -0700
Use single comma separated header for IE compatibility
For the benefit of IE, generate access control headers with comma
separated values rather than a header for each value. It appears that
at least IE 11 only looks at the first 'Access-Control-Allow-Headers'
header.
---
lib/Plack/Middleware/CrossOrigin.pm | 9 +++------
t/basic.t | 39 +++++++++++++++++++++++++++++++++++++
2 files changed, 42 insertions(+), 6 deletions(-)
diff --git a/lib/Plack/Middleware/CrossOrigin.pm b/lib/Plack/Middleware/CrossOrigin.pm
index 4742dd5..b224f6e 100644
--- a/lib/Plack/Middleware/CrossOrigin.pm
+++ b/lib/Plack/Middleware/CrossOrigin.pm
@@ -165,10 +165,8 @@ sub call {
if (defined $self->max_age) {
push @headers, 'Access-Control-Max-Age' => $self->max_age;
}
- push @headers, 'Access-Control-Allow-Methods' => $_
- for @$allowed_methods;
- push @headers, 'Access-Control-Allow-Headers' => $_
- for @$allowed_headers;
+ push @headers, 'Access-Control-Allow-Methods' => join ', ', @$allowed_methods;
+ push @headers, 'Access-Control-Allow-Headers' => join ', ', @$allowed_headers;
$res = _response_success();
}
@@ -185,8 +183,7 @@ sub call {
$expose_headers = [keys %headers];
}
- push @headers, 'Access-Control-Expose-Headers' => $_
- for @$expose_headers;
+ push @headers, 'Access-Control-Expose-Headers' => join ', ', @$expose_headers;
push @{ $res->[1] }, @headers;
});
diff --git a/t/basic.t b/t/basic.t
index abed394..09f2377 100644
--- a/t/basic.t
+++ b/t/basic.t
@@ -240,4 +240,43 @@ test_psgi
ok ! $has_run, 'continue_on_failure doesn\'t run main app for preflighted request';
};
+{
+ # Test that the access control headers are returned as single headers
+ # with comma-separated values. IE 11 (at least) appears to only evaluate
+ # the first 'Access-Control-Allow-Headers' header.
+ #
+ # We can't use test_psgi for this test because after the PSGI response
+ # is parsed by HTTP::Response we can no longer tell how the headers were
+ # actually formatted.
+ my $app = builder {
+ enable 'CrossOrigin',
+ origins => [ 'http://www.example.com' ],
+ methods => ['GET', 'POST'],
+ headers => ['X-Extra-Header', 'X-Extra-Header-2'],
+ expose_headers => ['X-Exposed-Header', 'X-Exposed-Header2'],
+ ;
+ sub { [ 200, [
+ 'Content-Type' => 'text/plain',
+ ], [ 'Hello World' ] ] };
+ };
+
+ my $req = HTTP::Request->new(OPTIONS => 'http://localhost/', [
+ 'Access-Control-Request-Method' => 'POST',
+ 'Origin' => 'http://www.example.com',
+ ]);
+
+ my $res = $app->($req->to_psgi);
+ is_deeply($res, [
+ 200,
+ [
+ 'Content-Type' => 'text/plain',
+ 'Access-Control-Allow-Origin' => 'http://www.example.com',
+ 'Access-Control-Allow-Methods' => 'GET, POST',
+ 'Access-Control-Allow-Headers' => 'X-Extra-Header, X-Extra-Header-2',
+ 'Access-Control-Expose-Headers' => 'X-Exposed-Header, X-Exposed-Header2'
+ ],
+ []
+ ], 'headers returned as comma separated values for the benenfit of IE');
+}
+
done_testing;
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libplack-middleware-crossorigin-perl.git
More information about the Pkg-perl-cvs-commits
mailing list