Last active
December 11, 2015 03:09
-
-
Save bradgessler/4535679 to your computer and use it in GitHub Desktop.
An idea for a Rails CORS policy DSL implementation.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Configuration DSL, probably in config/initializers/cors.rb | |
| CORS::Policy.configure do | |
| policy :polleverywhere do | |
| origins 'pollev.com', 'www.polleverywhere.com' | |
| # I think allowable request method can be inferred by Rails routing. | |
| # methods :get, :put, :post, :delete, :patch | |
| headers 'X-Custom-Request-Header' | |
| expose 'X-Custom-Response-Header' | |
| end | |
| policy :development do | |
| origins 'localhost:*', '127.0.0.1:*' | |
| end | |
| # If the proc returns a truthy value, then let this request through. | |
| policy :partners do | |
| origins Proc.new{ |origin| Partners.find_by_origin(origin) } | |
| end | |
| policy :all do | |
| origins '*' | |
| end | |
| end | |
| # Blanket policy | |
| class ApplicationController < ActionController::Base | |
| cors :polleverywhere, :development # This is the default policy for all controllers. | |
| end | |
| # Controller DSL | |
| class PollsController < ApplicationController | |
| cors :all, :only => %w[show index] | |
| cors :polleverywhere, :development, :only => %w[edit update destroy] | |
| cors :partners, :only => %w[edit update] | |
| # ... | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment