wai-cors 0.1.2 → 0.1.3
raw patch · 5 files changed
+101/−72 lines, 5 files
Files
- CHANGELOG.md +5/−0
- README.md +2/−0
- constraints +56/−55
- src/Network/Wai/Middleware/Cors.hs +37/−16
- wai-cors.cabal +1/−1
CHANGELOG.md view
@@ -1,3 +1,8 @@+0.1.3+=====++* Improved documentation+ 0.1.2 =====
README.md view
@@ -1,3 +1,5 @@+[](https://travis-ci.org/alephcloud/wai-cors)+ Cross-Origin Resource Sharing (CORS) For Wai ============================================
constraints view
@@ -1,55 +1,56 @@-constraints: MonadRandom == 0.1.13- , array == 0.5.0.0- , attoparsec == 0.11.3.4- , base == 4.7.0.0- , base-unicode-symbols == 0.2.2.4- , blaze-builder == 0.3.3.2- , bytestring == 0.10.4.0- , case-insensitive == 1.2.0.0- , charset == 0.3.7- , comonad == 4.2- , conduit == 1.1.2.1- , conduit-extra == 1.1.0.3- , containers == 0.5.5.1- , contravariant == 0.5.1- , deepseq == 1.3.0.2- , directory == 1.2.1.0- , distributive == 0.4.3.2- , either == 4.1.2- , errors == 1.4.7- , exceptions == 0.6.1- , filepath == 1.3.0.2- , ghc-prim == 0.3.1.0- , hashable == 1.2.2.0- , http-types == 0.8.4- , integer-gmp == 0.5.1.0- , lifted-base == 0.2.2.2- , mmorph == 1.0.3- , monad-control == 0.3.3.0- , mtl == 2.1.3.1- , nats == 0.2- , network == 2.5.0.0- , old-locale == 1.0.0.6- , parsec == 3.1.5- , parsers == 0.11.0.1- , primitive == 0.5.3.0- , random == 1.0.1.1- , resourcet == 1.1.2.2- , rts == 1.0- , safe == 0.3.4- , scientific == 0.3.2.0- , semigroupoids == 4.0.2- , semigroups == 0.14- , streaming-commons == 0.1.2.4- , tagged == 0.7.2- , text == 1.1.1.2- , time == 1.4.2- , transformers == 0.3.0.0- , transformers-base == 0.4.2- , transformers-compat == 0.1.1.1- , unix == 2.7.0.1- , unordered-containers == 0.2.4.0- , vault == 0.3.0.3- , void == 0.6.1- , wai == 2.1.0.2- , zlib == 0.5.4.1+constraints: MonadRandom ==0.1.13,+ array ==0.5.0.0,+ attoparsec ==0.11.3.4,+ base ==4.7.0.0,+ base-unicode-symbols ==0.2.2.4,+ blaze-builder ==0.3.3.2,+ bytestring ==0.10.4.0,+ case-insensitive ==1.2.0.0,+ charset ==0.3.7,+ comonad ==4.2,+ conduit ==1.1.2.1,+ conduit-extra ==1.1.0.3,+ containers ==0.5.5.1,+ contravariant ==0.5.1,+ deepseq ==1.3.0.2,+ directory ==1.2.1.0,+ distributive ==0.4.3.2,+ either ==4.1.2,+ errors ==1.4.7,+ exceptions ==0.6.1,+ filepath ==1.3.0.2,+ ghc-prim ==0.3.1.0,+ hashable ==1.2.2.0,+ http-types ==0.8.4,+ integer-gmp ==0.5.1.0,+ lifted-base ==0.2.2.2,+ mmorph ==1.0.3,+ monad-control ==0.3.3.0,+ mtl ==2.1.3.1,+ nats ==0.2,+ network ==2.5.0.0,+ old-locale ==1.0.0.6,+ parsec ==3.1.5,+ parsers ==0.11.0.1,+ primitive ==0.5.3.0,+ random ==1.0.1.1,+ resourcet ==1.1.2.2,+ rts ==1.0,+ safe ==0.3.4,+ scientific ==0.3.2.0,+ semigroupoids ==4.0.2,+ semigroups ==0.14,+ streaming-commons ==0.1.2.4,+ tagged ==0.7.2,+ text ==1.1.1.2,+ time ==1.4.2,+ transformers ==0.3.0.0,+ transformers-base ==0.4.2,+ transformers-compat ==0.1.1.1,+ unix ==2.7.0.1,+ unordered-containers ==0.2.4.0,+ vault ==0.3.0.3,+ void ==0.6.1,+ wai ==2.1.0.2,+ wai-cors ==0.1.3,+ zlib ==0.5.4.1
src/Network/Wai/Middleware/Cors.hs view
@@ -14,6 +14,26 @@ -- | An implemenation of Cross-Origin resource sharing (CORS) for WAI that -- aims to be compliant with <http://www.w3.org/TR/cors>. --+-- The function 'simpleCors' enables support of simple cross-origin requests.+--+-- The following is an example how to enable support for simple cross-origin requests+-- for a <http://hackage.haskell.org/package/scotty scotty> application.+--+-- > {-# LANGUAGE UnicodeSyntax #-}+-- > {-# LANGUAGE OverloadedStrings #-}+-- >+-- > module Main+-- > ( main+-- > ) where+-- >+-- > import Network.Wai.Middleware.Cors+-- > import Web.Scotty+-- >+-- > main ∷ IO ()+-- > main = scotty 8080 $ do+-- > middleware simpleCors+-- > matchAny "/" $ text "Success"+-- module Network.Wai.Middleware.Cors ( Origin , CorsResourcePolicy(..)@@ -176,10 +196,10 @@ -- for the HTTP response headers @Access-Control-Allow-Headers@ and -- @Access-Control-Allow-Methods@ all values specified in the -- 'CorsResourcePolicy' together with the respective values for simple requests--- (except @content-type@). This does not imply that the respective values are--- actually supported for the Resource by the application. Thus, depending on--- the application, an actual request may still fail with 404 even if the--- preflight request /supported/ the usage of the HTTP method with CORS.+-- (except @content-type@). This does not imply that the application actually+-- supports the respective values are for the requested resource. Thus,+-- depending on the application, an actual request may still fail with 404 even+-- if the preflight request /supported/ the usage of the HTTP method with CORS. -- -- The implementation does not distinguish between simple requests and requests -- that require preflight. The client is free to omit a preflight request or do@@ -190,9 +210,9 @@ -- -- /TODO/ ----- * We may consider adding enforcment aspects to this module: we may check if--- a request respects our origin restrictions and we may check that a CORS--- request respects the restrictions that we publish in the preflight+-- * We may consider adding optional enforcment aspects to this module: we may+-- check if a request respects our origin restrictions and we may check that a+-- CORS request respects the restrictions that we publish in the preflight -- responses. -- -- * Even though slightly out of scope we may (optionally) check if@@ -200,9 +220,9 @@ -- using CORS may expect this, since this check is recommended in -- <http://www.w3.org/TR/cors>. ----- * We may consider integrating CORS policy handling more--- closely with the handling of the source, for instance--- by integrating with 'ActionM' from scotty.+-- * We may consider integrating CORS policy handling more closely with the+-- handling of the source, for instance by integrating with 'ActionM' from+-- scotty. -- cors ∷ (WAI.Request → Maybe CorsResourcePolicy) -- ^ A value of 'Nothing' indicates that the resource is not available for CORS@@ -318,12 +338,13 @@ -- | A CORS middleware that supports simple cross-origin requests for all -- resources. ----- It does not check if the resource corresponds to the restrictions for--- simple requests. This is in accordance with <http://www.w3.org/TR/cors/>.--- The client (user-agent) is supposed to enforcement CORS policy. The--- role of the server to provide the client with the respective policy constraints.+-- This middleware does not check if the resource corresponds to the+-- restrictions for simple requests. This is in accordance with+-- <http://www.w3.org/TR/cors/>. The client (user-agent) is supposed to+-- enforcement CORS policy. The role of the server is to provide the client+-- with the respective policy constraints. ----- It is out of the scope of the this middleware if the server chooses to+-- It is out of the scope of the this module if the server chooses to -- enforce rules on its resources in relation to CORS policy itself. -- simpleCors ∷ WAI.Middleware@@ -397,7 +418,7 @@ isSubsetOf ∷ Eq α ⇒ [α] → [α] → Bool isSubsetOf l1 l2 = intersect l1 l2 ≡ l1 --- Add HTTP headers to a WAI response+-- | Add HTTP headers to a WAI response -- addHeaders ∷ HTTP.ResponseHeaders → WAI.Response → ReqMonad WAI.Response addHeaders hdrs res = do
wai-cors.cabal view
@@ -3,7 +3,7 @@ -- ------------------------------------------------------ -- Name: wai-cors-Version: 0.1.2+Version: 0.1.3 Synopsis: CORS for WAI Description: