authorJenny Shen <jenny.shen@shopify.com>2023-02-21 12:48:37 -0500
committerHiroshi SHIBATA <hsbt@ruby-lang.org>2023-04-12 11:51:06 +0900
commitef85b6de42c9d73451eb392178e1faa95b002edd (patch)
tree7daf3d337817c05f4528b92ae68d27228862c0df
parent353f9adcccc9928eb6fc0a7b581d31a1f5ca2d7b (diff)
[rubygems/rubygems] Add access control headers for all requests to allow RubyGems.org to render the response
https://github.com/rubygems/rubygems/commit/22b329eb60
-rw-r--r--lib/rubygems/webauthn_listener/response.rb5
-rw-r--r--lib/rubygems/webauthn_listener/response/response_no_content.rb4
-rw-r--r--lib/rubygems/webauthn_listener/response/response_ok.rb4
-rw-r--r--test/rubygems/test_webauthn_listener_response.rb9
4 files changed, 9 insertions, 13 deletions
diff --git a/lib/rubygems/webauthn_listener/response.rb b/lib/rubygems/webauthn_listener/response.rb
index c4ab492f82..8596e7bd69 100644
--- a/lib/rubygems/webauthn_listener/response.rb
+++ b/lib/rubygems/webauthn_listener/response.rb
@@ -44,7 +44,6 @@ class Gem::WebauthnListener
end
def access_control_headers
- return "" unless add_access_control_headers?
<<~RESPONSE
Access-Control-Allow-Origin: #{host}
Access-Control-Allow-Methods: POST
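Review bot: With the guard removed, `access_control_headers` writes `Access-Control-Allow-Origin: #{host}` into every response, including the 4xx ones, and nothing in this hunk shows that value being checked. Where `host` is set is not visible here; if it can come from user configuration, it should be validated once as a serialized origin (scheme, host, optional port) containing no CR or LF before it is placed in a header line. The test fixtures in this commit expect `Access-Control-Allow-Origin: rubygems.example`, a bare hostname that a browser would not match against a page origin, so a fixture such as `https://rubygems.example` would be closer to real use. The heredoc continues past the end of the hunk.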
@@ -66,10 +65,6 @@ class Gem::WebauthnListener
raise NotImplementedError
end
- def add_access_control_headers?
- false
- end
-
def body; end
end
end
diff --git a/lib/rubygems/webauthn_listener/response/response_no_content.rb b/lib/rubygems/webauthn_listener/response/response_no_content.rb
index 39aad7fe96..feb6cade8c 100644
--- a/lib/rubygems/webauthn_listener/response/response_no_content.rb
+++ b/lib/rubygems/webauthn_listener/response/response_no_content.rb
@@ -7,8 +7,4 @@ class Gem::WebauthnListener::ResponseNoContent < Gem::WebauthnListener::Response
def status
"204 No Content"
end
-
- def add_access_control_headers?
- true
- end
end
diff --git a/lib/rubygems/webauthn_listener/response/response_ok.rb b/lib/rubygems/webauthn_listener/response/response_ok.rb
index c4e7de3e2c..83966b58b8 100644
--- a/lib/rubygems/webauthn_listener/response/response_ok.rb
+++ b/lib/rubygems/webauthn_listener/response/response_ok.rb
@@ -8,10 +8,6 @@ class Gem::WebauthnListener::ResponseOk < Gem::WebauthnListener::Response
"200 OK"
end
- def add_access_control_headers?
- true
- end
-
def body
"success"
end
diff --git a/test/rubygems/test_webauthn_listener_response.rb b/test/rubygems/test_webauthn_listener_response.rb
index 5820ae9957..b3e54e0f19 100644
--- a/test/rubygems/test_webauthn_listener_response.rb
+++ b/test/rubygems/test_webauthn_listener_response.rb
@@ -57,6 +57,9 @@ class WebauthnListenerResponseTest < Gem::TestCase
expected_payload = <<~RESPONSE
HTTP/1.1 405 Method Not Allowed
Connection: close
+ Access-Control-Allow-Origin: rubygems.example
+ Access-Control-Allow-Methods: POST
+ Access-Control-Allow-Headers: Content-Type, Authorization, x-csrf-token
Allow: GET, OPTIONS
RESPONSE
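Review bot: The expected 405 payload now carries `Access-Control-Allow-Methods: POST` directly above `Allow: GET, OPTIONS`, so the two headers disagree about which methods the listener accepts. If the listener really serves only GET and OPTIONS, the header built in response.rb would more accurately read `Access-Control-Allow-Methods: GET, OPTIONS`. If POST is intentional, a comment at `access_control_headers` saying why would keep the next reader from treating it as a bug. The same expected line is added in the 404 and 400 hunks below.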
@@ -69,6 +72,9 @@ class WebauthnListenerResponseTest < Gem::TestCase
expected_payload = <<~RESPONSE
HTTP/1.1 404 Not Found
Connection: close
+ Access-Control-Allow-Origin: rubygems.example
+ Access-Control-Allow-Methods: POST
+ Access-Control-Allow-Headers: Content-Type, Authorization, x-csrf-token
RESPONSE
assert_equal expected_payload, payload
@@ -80,6 +86,9 @@ class WebauthnListenerResponseTest < Gem::TestCase
expected_payload = <<~RESPONSE
HTTP/1.1 400 Bad Request
Connection: close
+ Access-Control-Allow-Origin: rubygems.example
+ Access-Control-Allow-Methods: POST
+ Access-Control-Allow-Headers: Content-Type, Authorization, x-csrf-token
Content-Type: text/plain
Content-Length: 22