Dancer-Plugin-CORS
README
README.md
dist.ini
lib/Dancer/Plugin/CORS.pm
lib/Dancer/Plugin/CORS/Sharing.pm
t/00-load.t
t/00-signature.t
t/01-simple.t
t/02-preflight.t
t/03-options.t
t/04-credentials.t
t/05-origin.t
t/06-multi.t
t/07-methods.t
t/08-sharing.t
t/09-timing.t
t/release-cpan-changes.t
t/release-pod-coverage.t
t/release-pod-syntax.t
lib/Dancer/Plugin/CORS.pm view on Meta::CPAN
# Unless the rule allows any origin ('*'), the response depends on the
# requesting origin, so caches are told to key on the Origin request header.
$headers->{'Vary'} = 'Origin' if $origin ne '*';
# Resource Timing: only a defined timing value that string-equals '1' mirrors
# the Access-Control-Allow-Origin value already stored in $headers (it is set
# outside this excerpt). Any other value, including undef, yields 'null'.
if (exists $options->{timing}) {
if (defined $options->{timing} and $options->{timing} eq '1') {
$headers->{'Timing-Allow-Origin'} = $headers->{'Access-Control-Allow-Origin'};
} else {
$headers->{'Timing-Allow-Origin'} = 'null';
}
}
# Credentialed sharing: any true value enables it, but never together with the
# wildcard origin. Browsers refuse credentialed responses whose allowed origin
# is '*', so the rule is dropped with a warning instead of emitting a header
# combination that cannot work.
if (exists $options->{credentials}) {
if (!!$options->{credentials}) {
if ($origin eq '*') {
warning('For a resource that supports credentials a origin matcher must be specified.');
# Skip to the next iteration of the loop labelled RULE (declared outside this excerpt).
next RULE;
}
$headers->{'Access-Control-Allow-Credentials'} = 'true' ;
}
}
# The expose option is copied into the header as given; nothing here validates or joins it.
# NOTE(review): the POD calls this a comma-separated list while the SYNOPSIS
# passes an array reference. Confirm how an array reference ends up serialized.
if (exists $options->{expose}) {
$headers->{'Access-Control-Expose-Headers'} = $options->{expose};
}
lib/Dancer/Plugin/CORS.pm view on Meta::CPAN
Cross-origin resource sharing (CORS) is a mechanism implemented by modern web browsers that lets a web service relax the same-origin restrictions on cross-site requests. A web service can declare rules stating from which origins a client is allowed to make cross-site requests. This module helps you to setup ...
=head1 SYNOPSIS
use Dancer::Plugin::CORS;
get '/foo' => sub { ... };
share '/foo' =>
origin => 'http://localhost/',
credentials => 1,
expose => [qw[ Content-Type ]],
method => 'GET',
headers => [qw[ X-Requested-With ]],
maxage => 7200,
timing => 1,
;
=head1 METHODS
=head2 share(C<$route>, C<%options>)
lib/Dancer/Plugin/CORS.pm view on Meta::CPAN
If a subroutine is used, the first passed parameter is a L<URI> object. It should return a true value if this origin is allowed to access the route in question; otherwise false.
origin => sub {
my $host = shift->host;
# allow only from localhost
grep { $host eq $_ } qw(localhost 127.0.0.1 ::1)
}
Hint: an origin consists of a protocol, a hostname and optionally a port. Examples: C<http://www.example.com>, C<https://securesite.com>, C<http://localhost:3000>, C<http://127.0.0.1>, C<http://[::1]>
=item I<credentials>
This indicates whether cookies, HTTP authentication and/or client-side SSL certificates may be sent by a client. Allowed values are C<0> or C<1>.
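This option must be used together with I<origin>: when credentials are enabled without an origin matcher, the rule is skipped and a warning is logged.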
=item I<expose>
A comma-separated list of headers that a client may read from the response for use in a client application.
=item I<methods>
lib/Dancer/Plugin/CORS/Sharing.pm view on Meta::CPAN
=head1 DESCRIPTION
This helper class helps you organize many sharing rules across many routes.
=head1 SYNOPSIS
use Dancer::Plugin::CORS;
sharing->rule(
origin => ...,
credentials => 1
);
$route = post '/' => sub { ... };
sharing->add($route);
=head1 METHODS
=head2 new
t/04-credentials.t view on Meta::CPAN
{
    # Minimal Dancer application used as the fixture for the credentials tests.
    package Webservice;
    use Dancer;
    use Dancer::Plugin::CORS;

    # /foo: credentials are enabled together with an explicit origin matcher.
    get '/foo' => sub { return 'foo' };
    share(
        '/foo',
        origin      => $origin,
        method      => 'GET',
        credentials => 1,
    );

    # /bar: credentials are enabled but no origin option is given.
    get '/bar' => sub { return 'bar' };
    share(
        '/bar',
        method      => 'GET',
        credentials => 1,
    );
}
use Dancer::Test;
my ($R);
sub header_include($%) {
my $testname = shift;
t/04-credentials.t view on Meta::CPAN
);
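# Preflight request against /bar, the route that enables credentials without
# configuring an origin matcher.
$R = dancer_response(
    OPTIONS => '/bar',
    {
        headers => [
            'Access-Control-Request-Method' => 'GET',
            'Origin'                        => $origin,
        ],
    }
);
is($R->status => 200, "OPTIONS /bar (preflight request, with allowed origin)");
header_include("OPTIONS /bar (preflight request, with allowed origin)", %all_cors);

# The plugin must have logged its warning about credentials without an origin
# matcher. The assertion now carries a description so a failure is identifiable
# in the TAP output.
{
    my $expected_warning =
        'For a resource that supports credentials a origin matcher must be specified.';
    my @warning_messages =
        map  { $_->{message} }
        grep { $_->{level} eq 'warning' } @{ read_logs() };
    ok(
        scalar(grep { $_ eq $expected_warning } @warning_messages),
        'credentials without an origin matcher logs a warning'
    );
}
done_testing;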