packages feed

wai-cors 0.2.5 → 0.2.6

raw patch · 7 files changed

+130/−109 lines, 7 filesdep ~filepath

Dependency ranges changed: filepath

Files

CHANGELOG.md view
@@ -1,3 +1,13 @@+0.2.6 (2017-12-01)+==================++*   Removed ghc-7.6.3 and versions of wai<3.0 from the CI test matrix.+    These versions are still supported in the code but cabal may need some+    manual help to resolve dependencies.++*   Fixes and improvements to the documentation. Thanks to Frederik Hanghøj+    Iversen, Alex Collins, and Maximilian Tagher.+ 0.2.5 ===== 
README.md view
@@ -48,7 +48,6 @@ [scotty](http://hackage.haskell.org/package/scotty) application.  ```.haskell-{-# LANGUAGE UnicodeSyntax #-} {-# LANGUAGE OverloadedStrings #-}  module Main@@ -58,17 +57,17 @@ import Network.Wai.Middleware.Cors import Web.Scotty -main ∷ IO ()+main :: IO () main = scotty 8080 $ do     middleware simpleCors-    matchAny  "/" $ text "Success"+    matchAny "/" $ text "Success" ```  The result of following curl command will include the HTTP response header `Access-Control-Allow-Origin: *`.  ```.bash-curl -i http://127.0.0.1:8888 -H 'Origin: 127.0.0.1' -v+curl -i http://127.0.0.1:8080 -H 'Origin: 127.0.0.1' -v ```  Documentation for more general usage can be found in the module
− constraints
@@ -1,82 +0,0 @@-constraints: SHA ==1.6.4.2,-             ansi-terminal ==0.6.2.1,-             ansi-wl-pprint ==0.6.7.2,-             appar ==0.1.4,-             array ==0.5.1.0,-             async ==2.0.2,-             attoparsec ==0.13.0.0,-             auto-update ==0.1.2.1,-             base ==4.8.0.0,-             base-unicode-symbols ==0.2.2.4,-             base64-bytestring ==1.0.0.1,-             binary ==0.7.3.0,-             blaze-builder ==0.4.0.1,-             byteorder ==1.0.4,-             bytestring ==0.10.6.0,-             bytestring-builder ==0.10.6.0.0,-             case-insensitive ==1.2.0.4,-             charset ==0.3.7.1,-             containers ==0.5.6.2,-             cookie ==0.4.1.5,-             data-default-class ==0.0.1,-             deepseq ==1.4.1.1,-             directory ==1.2.2.0,-             easy-file ==0.2.1,-             entropy ==0.3.6,-             exceptions ==0.8.0.2,-             fast-logger ==2.3.1,-             filepath ==1.4.0.0,-             ghc-prim ==0.4.0.0,-             hashable ==1.2.3.2,-             http-date ==0.0.6.1,-             http-types ==0.8.6,-             integer-gmp ==1.0.0.0,-             iproute ==1.4.0,-             lifted-base ==0.2.3.6,-             mmorph ==1.0.4,-             monad-control ==1.0.0.4,-             mtl ==2.2.1,-             nats ==1,-             network ==2.6.1.0,-             old-locale ==1.0.0.7,-             old-time ==1.1.0.3,-             optparse-applicative ==0.11.0.2,-             parsec ==3.1.9,-             parsers ==0.12.2.1,-             pretty ==1.1.2.0,-             process ==1.2.3.0,-             random ==1.1,-             regex-base ==0.93.2,-             regex-tdfa-rc ==1.1.8.3,-             resourcet ==1.1.5,-             rts ==1.0,-             scientific ==0.3.3.8,-             semigroups ==0.16.2.2,-             simple-sendfile ==0.2.20,-             stm ==2.4.4,-             streaming-commons ==0.1.12.1,-             stringsearch ==0.3.6.6,-             tagged ==0.8.0.1,-             tasty ==0.10.1.2,-             tasty-hunit ==0.9.2,-             template-haskell ==2.10.0.0,-             text ==1.2.1.0,-             time ==1.5.0.1,-             transformers ==0.4.2.0,-             transformers-base ==0.4.4,-             transformers-compat ==0.4.0.4,-             unbounded-delays ==0.1.0.9,-             unix ==2.7.1.0,-             unix-compat ==0.4.1.4,-             unix-time ==0.3.5,-             unordered-containers ==0.2.5.1,-             vault ==0.3.0.4,-             void ==0.7,-             wai ==3.0.2.3,-             wai-extra ==3.0.7.1,-             wai-logger ==2.2.4,-             wai-websockets ==3.0.0.5,-             warp ==3.0.13.1,-             websockets ==0.9.5.0,-             word8 ==0.1.2,-             zlib ==0.5.4.2
+ examples/ServantWai.hs view
@@ -0,0 +1,49 @@+{-# LANGUAGE DataKinds         #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE TemplateHaskell   #-}+{-# LANGUAGE TypeOperators     #-}++import           Data.Aeson+import           Data.Aeson.TH+import           Network.Wai+import           Network.Wai.Handler.Warp+import           Network.Wai.Middleware.Cors+import           Servant++data User = User+  { userId        :: Int+  , userFirstName :: String+  , userLastName  :: String+  } deriving (Eq, Show)++$(deriveJSON defaultOptions ''User)++type API = "users" :> Get '[JSON] [User]++-- | Configure an Application with a CORS policy+app :: Application+app = (cors (const policy)) $ serve api server+  where policy = Just CorsResourcePolicy {+        corsOrigins = Nothing+        , corsMethods = ["GET"]+        , corsRequestHeaders = ["authorization", "content-type"]+        , corsExposedHeaders = Nothing+        , corsMaxAge = Just $ 60*60*24 -- one day+        , corsVaryOrigin = False+        , corsRequireOrigin = True+        , corsIgnoreFailures = False+      }++api :: Proxy API+api = Proxy++server :: Server API+server = return users++users :: [User]+users = [ User 1 "Isaac" "Newton"+        , User 2 "Albert" "Einstein"+        ]++main :: IO ()+main = run 8080 app
+ examples/Wai.hs view
@@ -0,0 +1,26 @@+{-# LANGUAGE UnicodeSyntax #-}++-- |+-- Module: Wai+-- Description: Example for using wai-cors with a plain wai app+-- Copyright: Copyright © 2017 Lars Kuhtz <lakuhtz@gmail.com>.+-- License: MIT+-- Maintainer: Lars Kuhtz <lakuhtz@gmail.com>+-- Stability: experimental+--+module Wai+( main+) where++import Network.HTTP.Types.Status+import Network.Wai+import Network.Wai.Middleware.Cors+import Network.Wai.Handler.Warp++main ∷ IO ()+main = run 8080 $ simpleCors $ echo++echo ∷ Application+echo req respond =+    respond . responseLBS ok200 [] =<< lazyRequestBody req+
src/Network/Wai/Middleware/Cors.hs view
@@ -30,7 +30,7 @@ -- complying with the CORS standard it enables the client (i.e. the web -- browser) to enforce the CORS policy. For application authors it is strongly -- recommended to take into account the security considerations in section 6.3--- of <http://wwww.w3.org/TR/cors>. In particular the application should check+-- of <http://www.w3.org/TR/cors>. In particular the application should check -- that the value of the @Origin@ header matches it's expectations. -- -- = Websockets@@ -137,7 +137,7 @@     --     -- A value of 'Nothing' indicates unrestricted cross-origin sharing and     -- results in @*@ as value for the @Access-Control-Allow-Origin@ HTTP-    -- response header.+    -- response header. Note if you send @*@, credentials cannot be sent with the request.     --     -- A value other than 'Nothing' is a tuple that consists of a list of     -- origins each with a Boolean flag that indicates if credentials are used@@ -148,6 +148,10 @@     -- particular the string @*@ is not a valid origin (but the string @null@     -- is).     --+    -- Credentials include cookies, authorization headers and TLS client certificates.+    -- For credentials to be sent with requests, the @withCredentials@ setting of+    -- @XmlHttpRequest@ in the browser must be set to @true@.+    --        corsOrigins ∷ !(Maybe ([Origin], Bool))      -- | HTTP methods that are allowed in CORS requests.@@ -156,16 +160,19 @@      -- | Field names of HTTP request headers that are allowed in CORS requests.     -- Header names that are included in 'simpleHeaders', except for-    -- @content-type@, are implicitely included an thus optional in this list.+    -- @content-type@, are implicitly included and thus optional in this list.     --     , corsRequestHeaders ∷ ![HTTP.HeaderName] -    -- | Field names of HTTP headers that are exposed on the client.+    -- | Field names of HTTP headers that are exposed to the client in the response.     --     , corsExposedHeaders ∷ !(Maybe [HTTP.HeaderName]) -    -- | Number of seconds that the response may be cached by the client.+    -- | Number of seconds that the OPTIONS preflight response may be cached by the client.     --+    -- Tip: Set this to 'Nothing' while testing your CORS implementation, then increase+    -- it once you deploy to production.+    --     , corsMaxAge ∷ !(Maybe Int)      -- | If the resource is shared by multiple origins but@@ -203,6 +210,8 @@     -- * an response with HTTP status 400 (bad request) and short     --   error message is returned if this field is 'False'.     --+    -- Note: Your application needs to will receive preflight OPTIONS requests if set to 'True'.+    --     -- @since 0.2     --     , corsIgnoreFailures ∷ !Bool@@ -285,7 +294,7 @@ -- a preflight request in cases when it wouldn't be required. -- -- For application authors it is strongly recommended to take into account the--- security considerations in section 6.3 of <http://wwww.w3.org/TR/cors>.+-- security considerations in section 6.3 of <http://www.w3.org/TR/cors>. -- -- /TODO/ --@@ -445,9 +454,9 @@ -- -- This middleware does not check if the resource corresponds to the -- restrictions for simple requests. This is in accordance with--- <http://www.w3.org/TR/cors/>. The client (user-agent) is supposed to--- enforcement CORS policy. The role of the server is to provide the client--- with the respective policy constraints.+-- <http://www.w3.org/TR/cors/>. It is the responsibility of the +-- client (user-agent) to enforce CORS policy. The role of the server+-- is to provide the client with the respective policy constraints. -- -- It is out of the scope of the this module if the server chooses to -- enforce rules on its resources in relation to CORS policy itself.@@ -458,7 +467,7 @@ -- -------------------------------------------------------------------------- -- -- Definition from Standards --- | Simple HTTP response headers as defined in <http://www.w3.org/TR/cors/>+-- | Simple HTTP response headers as defined in <https://www.w3.org/TR/cors/#simple-response-header> -- simpleResponseHeaders ∷ [HTTP.HeaderName] simpleResponseHeaders =@@ -470,6 +479,7 @@     , "Pragma"     ] +-- | Simple HTTP headers are defined in <https://www.w3.org/TR/cors/#simple-header> simpleHeaders ∷ [HTTP.HeaderName] simpleHeaders =     [ "Accept"@@ -478,6 +488,7 @@     , "Content-Type"     ] +-- | Simple content types are defined in <https://www.w3.org/TR/cors/#simple-header> simpleContentTypes ∷ [CI.CI B8.ByteString] simpleContentTypes =     [ "application/x-www-form-urlencoded"@@ -486,7 +497,7 @@     ]  --- | Simple HTTP methods as defined in <http://www.w3.org/TR/cors/>+-- | Simple HTTP methods as defined in <https://www.w3.org/TR/cors/#simple-method> -- simpleMethods ∷ [HTTP.Method] simpleMethods =@@ -495,6 +506,9 @@     , "POST"     ] +-- | Whether the given method and headers constitute a simple request,+-- i.e. the method is simple, all headers are simple, and, if a POST request,+-- the content-type is simple. isSimple ∷ HTTP.Method → HTTP.RequestHeaders → Bool isSimple method headers     = method `elem` simpleMethods
wai-cors.cabal view
@@ -1,10 +1,10 @@ -- ------------------------------------------------------ ----- Copyright © 2015-2016 Lars Kuhtz <lakuhtz@gmail.com>+-- Copyright © 2015-2017 Lars Kuhtz <lakuhtz@gmail.com> -- Copyright © 2014 AlephCloud Systems, Inc. -- ------------------------------------------------------ --  Name: wai-cors-Version: 0.2.5+Version: 0.2.6 Synopsis: CORS for WAI  Description:@@ -20,20 +20,21 @@ Author: Lars Kuhtz <lakuhtz@gmail.com> Maintainer: Lars Kuhtz <lakuhtz@gmail.com> Copyright:-    (c) 2015-2016 Lars Kuhtz <lakuhtz@gmail.com>,+    (c) 2015-2017 Lars Kuhtz <lakuhtz@gmail.com>,     (c) 2014 AlephCloud Systems, Inc. Category: HTTP, Network, Web, Yesod Build-type: Simple Cabal-version: >= 1.14.0-tested-with: GHC == 7.6.3, GHC == 7.8.4, GHC == 7.10.3, GHC == 8.0.1+tested-with: GHC == 7.8.4, GHC == 7.10.3, GHC == 8.0.2, GHC == 8.2.1, GHC == 8.2.2  data-files:     README.md     CHANGELOG.md-    constraints     test/index.html     test/phantomjs.js     examples/Scotty.hs+    examples/Wai.hs+    examples/ServantWai.hs  source-repository head     type: git@@ -43,7 +44,7 @@ source-repository this     type: git     location: https://github.com/larskuhtz/wai-cors-    tag: 0.2.5+    tag: 0.2.6  flag transformers-3     description: use transformers<0.3 (this is set automatically)@@ -120,9 +121,13 @@         text >= 1.2,         wai-cors -    -- we only build the tests suite with the most recent wai version-    -- cabal fails to resolves the old dependencies otherwise.-    if flag (wai-1) || flag (wai-2)+    if impl(ghc < 7.8)+        build-depends:+            filepath < 1.4.1.2++    -- We only build the tests suite with the more recent versions of wai and ghc.+    -- Cabal fails to resolves the old dependencies otherwise.+    if flag (wai-1) || flag (wai-2) || impl(ghc < 7.10)         buildable: False     else         build-depends:@@ -147,9 +152,9 @@         tasty-hunit >= 0.9,         wai-cors -    -- we only build the tests suite with the most recent wai version-    -- cabal fails to resolves the old dependencies otherwise.-    if flag (wai-1) || flag (wai-2)+    -- We only build the tests suite with the more recent versions of wai and ghc.+    -- Cabal fails to resolves the old dependencies otherwise.+    if flag (wai-1) || flag (wai-2) || impl(ghc < 7.10)         buildable: False     else         build-depends: