line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
10
|
|
|
10
|
|
2169892
|
use strict; |
|
10
|
|
|
|
|
21
|
|
|
10
|
|
|
|
|
385
|
|
2
|
10
|
|
|
10
|
|
46
|
use warnings; |
|
10
|
|
|
|
|
16
|
|
|
10
|
|
|
|
|
398
|
|
3
|
|
|
|
|
|
|
package Dancer::Plugin::CORS; |
4
|
|
|
|
|
|
|
# ABSTRACT: A plugin for using cross origin resource sharing |
5
|
|
|
|
|
|
|
|
6
|
|
|
|
|
|
|
|
7
|
10
|
|
|
10
|
|
75
|
use Carp qw(croak confess); |
|
10
|
|
|
|
|
18
|
|
|
10
|
|
|
|
|
568
|
|
8
|
10
|
|
|
10
|
|
680
|
use Dancer ':syntax'; |
|
10
|
|
|
|
|
283641
|
|
|
10
|
|
|
|
|
45
|
|
9
|
10
|
|
|
10
|
|
7456
|
use Dancer::Plugin; |
|
10
|
|
|
|
|
12272
|
|
|
10
|
|
|
|
|
675
|
|
10
|
10
|
|
|
10
|
|
59
|
use Sub::Name; |
|
10
|
|
|
|
|
14
|
|
|
10
|
|
|
|
|
384
|
|
11
|
10
|
|
|
10
|
|
42
|
use Scalar::Util qw(blessed); |
|
10
|
|
|
|
|
13
|
|
|
10
|
|
|
|
|
375
|
|
12
|
10
|
|
|
10
|
|
42
|
use URI; |
|
10
|
|
|
|
|
13
|
|
|
10
|
|
|
|
|
179
|
|
13
|
|
|
|
|
|
|
|
14
|
10
|
|
|
10
|
|
3500
|
use Dancer::Plugin::CORS::Sharing; |
|
10
|
|
|
|
|
20
|
|
|
10
|
|
|
|
|
274
|
|
15
|
|
|
|
|
|
|
|
16
|
10
|
|
|
10
|
|
53
|
use constant DEBUG => 0; |
|
10
|
|
|
|
|
13
|
|
|
10
|
|
|
|
|
8726
|
|
17
|
|
|
|
|
|
|
|
18
|
|
|
|
|
|
|
our $VERSION = '0.13'; # VERSION |
19
|
|
|
|
|
|
|
|
20
|
|
|
|
|
|
|
my $routes = {}; |
21
|
|
|
|
|
|
|
|
22
|
|
|
|
|
|
|
sub _isin($@) { |
23
|
14
|
|
|
14
|
|
17
|
my $test = shift; |
24
|
14
|
|
|
|
|
16
|
scalar grep { $test eq $_ } @_; |
|
16
|
|
|
|
|
52
|
|
25
|
|
|
|
|
|
|
} |
26
|
|
|
|
|
|
|
|
27
|
|
|
|
|
|
|
sub _isuri(_) { |
28
|
48
|
|
|
48
|
|
361
|
shift =~ m|(?:([^:/?#]+):)?(?://([^/?#]*))?([^?#]*)(?:\?([^#]*))?(?:#(.*))?| |
29
|
|
|
|
|
|
|
} |
30
|
|
|
|
|
|
|
|
31
|
|
|
|
|
|
|
sub _prefl_handle; |
32
|
|
|
|
|
|
|
sub _add_rule($%); |
33
|
|
|
|
|
|
|
sub _handle; |
34
|
|
|
|
|
|
|
|
35
|
|
|
|
|
|
|
my $current_route; |
36
|
|
|
|
|
|
|
|
37
|
|
|
|
|
|
|
sub _prefl_handle { |
38
|
30
|
|
|
30
|
|
5960
|
debug "[CORS] entered preflight request main subroutine" if DEBUG; |
39
|
30
|
50
|
|
|
|
74
|
unless (defined $current_route) { |
40
|
0
|
|
|
|
|
0
|
warning "[CORS] current route not defined!"; |
41
|
0
|
|
|
|
|
0
|
return; |
42
|
|
|
|
|
|
|
} |
43
|
30
|
100
|
|
|
|
54
|
unless(_handle($current_route)) { |
44
|
22
|
|
|
|
|
64
|
my $request = Dancer::SharedData->request; |
45
|
22
|
|
|
|
|
94
|
while ($current_route = $current_route->next) { |
46
|
18
|
100
|
|
|
|
126
|
if ($current_route->match($request)) { |
47
|
16
|
|
|
|
|
1560
|
debug "[CORS] going to next handler" if DEBUG; |
48
|
16
|
|
|
|
|
42
|
pass; |
49
|
|
|
|
|
|
|
} |
50
|
|
|
|
|
|
|
} |
51
|
6
|
|
|
|
|
147
|
debug "[CORS] no more rules." if DEBUG; |
52
|
|
|
|
|
|
|
} |
53
|
14
|
|
|
|
|
43
|
$current_route = undef; |
54
|
|
|
|
|
|
|
} |
55
|
|
|
|
|
|
|
|
56
|
|
|
|
|
|
|
sub _add_rule($%) { |
57
|
30
|
|
|
30
|
|
7578
|
my ($route, %options) = @_; |
58
|
|
|
|
|
|
|
|
59
|
30
|
50
|
|
|
|
87
|
if (ref $route eq 'ARRAY') { |
60
|
0
|
|
|
|
|
0
|
return map { _add_rule($_, %options) } @$route; |
|
0
|
|
|
|
|
0
|
|
61
|
|
|
|
|
|
|
} |
62
|
|
|
|
|
|
|
|
63
|
30
|
100
|
66
|
|
|
230
|
if (blessed $route and $route->isa('Dancer::Route')) { |
64
|
22
|
|
|
|
|
55
|
my $prefl = Dancer::App->current->registry->add_route(Dancer::Route->new( |
65
|
|
|
|
|
|
|
method => 'options', |
66
|
|
|
|
|
|
|
code => \&_prefl_handle, |
67
|
|
|
|
|
|
|
options => $route->options, |
68
|
|
|
|
|
|
|
pattern => $route->pattern |
69
|
|
|
|
|
|
|
)); |
70
|
22
|
|
|
|
|
2432
|
$options{method} = uc($route->method); |
71
|
22
|
|
|
|
|
285
|
$routes->{$prefl} = [{ %options }]; |
72
|
22
|
|
|
|
|
34
|
debug "registered preflight route handler for ".$route->method." pattern: ".$route->pattern."\n" if DEBUG; |
73
|
|
|
|
|
|
|
} |
74
|
|
|
|
|
|
|
|
75
|
30
|
100
|
|
|
|
85
|
unless (exists $routes->{$route}) { |
76
|
25
|
|
|
|
|
49
|
$routes->{$route} = []; |
77
|
25
|
100
|
|
|
|
60
|
unless (ref $route) { |
78
|
8
|
|
|
|
|
6
|
debug "registered preflight route handler for any pattern: $route\n" if DEBUG; |
79
|
8
|
|
|
|
|
34
|
options $route => \&_prefl_handle; |
80
|
|
|
|
|
|
|
} |
81
|
|
|
|
|
|
|
} |
82
|
30
|
|
|
|
|
1111
|
push @{ $routes->{$route} } => \%options; |
|
30
|
|
|
|
|
101
|
|
83
|
|
|
|
|
|
|
} |
84
|
|
|
|
|
|
|
|
85
|
|
|
|
|
|
|
sub _handle { |
86
|
52
|
|
|
52
|
|
53
|
my $route = shift; |
87
|
52
|
|
|
|
|
125
|
my $request = Dancer::SharedData->request; |
88
|
52
|
|
|
|
|
191
|
my $path = $request->path_info; |
89
|
|
|
|
|
|
|
|
90
|
52
|
50
|
66
|
|
|
454
|
unless (exists $routes->{$path} or exists $routes->{$route}) { |
91
|
0
|
|
|
|
|
0
|
debug "[CORS] path $path or route $route did not no matched any rule" if DEBUG; |
92
|
|
|
|
|
|
|
} |
93
|
|
|
|
|
|
|
|
94
|
52
|
|
|
|
|
108
|
my $preflight = uc $request->method eq 'OPTIONS'; |
95
|
|
|
|
|
|
|
|
96
|
52
|
|
|
|
|
222
|
debug "[CORS] preflight request" if DEBUG and $preflight; |
97
|
|
|
|
|
|
|
|
98
|
52
|
|
|
|
|
129
|
my $origin = scalar($request->header('Origin')); |
99
|
|
|
|
|
|
|
|
100
|
52
|
100
|
|
|
|
1493
|
unless (defined $origin) { |
101
|
4
|
|
|
|
|
5
|
debug "[CORS] no origin header present in request" if DEBUG; |
102
|
4
|
|
|
|
|
23
|
return; |
103
|
|
|
|
|
|
|
} |
104
|
|
|
|
|
|
|
|
105
|
48
|
50
|
|
|
|
110
|
unless (_isuri($origin)) { |
106
|
0
|
|
|
|
|
0
|
debug "[CORS] origin '$origin' is not a URI" if DEBUG; |
107
|
0
|
|
|
|
|
0
|
return; |
108
|
|
|
|
|
|
|
} |
109
|
|
|
|
|
|
|
|
110
|
48
|
100
|
|
|
|
156
|
my $requested_method = $preflight |
111
|
|
|
|
|
|
|
? scalar($request->header('Access-Control-Request-Method')) |
112
|
|
|
|
|
|
|
: $request->method |
113
|
|
|
|
|
|
|
; |
114
|
48
|
50
|
|
|
|
737
|
unless (defined $requested_method) { |
115
|
0
|
|
|
|
|
0
|
debug "[CORS] no request method defined" if DEBUG; |
116
|
|
|
|
|
|
|
} |
117
|
|
|
|
|
|
|
|
118
|
48
|
|
100
|
|
|
111
|
my @requested_headers = map { s{\s+}{}g; $_ } split /,+/, (scalar($request->header('Access-Control-Request-Headers')) || ''); |
|
2
|
|
|
|
|
43
|
|
|
2
|
|
|
|
|
5
|
|
119
|
|
|
|
|
|
|
|
120
|
48
|
|
|
|
|
1585
|
my ($ok, $i) = (0, 0); |
121
|
48
|
|
|
|
|
46
|
my ($headers, $xoptions); |
122
|
|
|
|
|
|
|
|
123
|
48
|
100
|
|
|
|
140
|
if (exists $routes->{$route}) { |
124
|
37
|
|
|
|
|
46
|
$path = "$route"; |
125
|
37
|
|
|
|
|
43
|
debug "[CORS] dynamic route: $path" if DEBUG; |
126
|
|
|
|
|
|
|
} else { |
127
|
11
|
|
|
|
|
11
|
debug "[CORS] static route: $path" if DEBUG; |
128
|
|
|
|
|
|
|
} |
129
|
|
|
|
|
|
|
|
130
|
48
|
|
|
|
|
41
|
my $n = scalar @{$routes->{$path}}; |
|
48
|
|
|
|
|
87
|
|
131
|
|
|
|
|
|
|
|
132
|
48
|
|
|
|
|
46
|
RULE: foreach my $options (@{$routes->{$path}}) { |
|
48
|
|
|
|
|
104
|
|
133
|
49
|
|
|
|
|
54
|
debug "[CORS] testing rule ".++$i." of $n" if DEBUG; |
134
|
49
|
|
|
|
|
39
|
if (DEBUG) { |
135
|
10
|
|
|
10
|
|
59
|
use Data::Dumper; |
|
10
|
|
|
|
|
12
|
|
|
10
|
|
|
|
|
5383
|
|
136
|
|
|
|
|
|
|
debug Dumper($options); |
137
|
|
|
|
|
|
|
} |
138
|
49
|
|
|
|
|
63
|
$headers = {}; |
139
|
49
|
100
|
|
|
|
108
|
if (exists $options->{origin}) { |
140
|
46
|
|
|
|
|
79
|
my $reftype = ref $options->{origin}; |
141
|
46
|
100
|
|
|
|
203
|
if ($reftype eq 'CODE') { |
|
|
100
|
|
|
|
|
|
|
|
100
|
|
|
|
|
|
|
|
50
|
|
|
|
|
|
142
|
5
|
100
|
|
|
|
25
|
if (!$options->{origin}->(URI->new($origin))) { |
143
|
3
|
|
|
|
|
178
|
debug "[CORS] origin $origin did not matched against coderef" if DEBUG; |
144
|
3
|
|
|
|
|
9
|
next RULE; |
145
|
|
|
|
|
|
|
} |
146
|
|
|
|
|
|
|
} elsif ($reftype eq 'ARRAY') { |
147
|
2
|
100
|
|
|
|
3
|
unless (_isin $origin => @{ $options->{origin} }) { |
|
2
|
|
|
|
|
7
|
|
148
|
1
|
|
|
|
|
2
|
debug "[CORS] origin $origin is not in array" if DEBUG; |
149
|
1
|
|
|
|
|
3
|
next RULE; |
150
|
|
|
|
|
|
|
} |
151
|
|
|
|
|
|
|
} elsif ($reftype eq 'Regexp') { |
152
|
2
|
100
|
|
|
|
14
|
unless ($origin =~ $options->{origin}) { |
153
|
1
|
|
|
|
|
1
|
debug "[CORS] origin $origin did not matched against regexp" if DEBUG; |
154
|
1
|
|
|
|
|
3
|
next RULE; |
155
|
|
|
|
|
|
|
} |
156
|
|
|
|
|
|
|
} elsif ($reftype eq '') { |
157
|
37
|
100
|
|
|
|
93
|
unless ($options->{origin} eq $origin) { |
158
|
5
|
|
|
|
|
4
|
debug "[CORS] origin $origin did not matched against static string" if DEBUG; |
159
|
5
|
|
|
|
|
13
|
next RULE; |
160
|
|
|
|
|
|
|
} |
161
|
|
|
|
|
|
|
} else { |
162
|
0
|
|
|
|
|
0
|
confess("unknown origin type: $reftype"); |
163
|
|
|
|
|
|
|
} |
164
|
|
|
|
|
|
|
} else { |
165
|
3
|
|
|
|
|
5
|
$origin = '*'; |
166
|
|
|
|
|
|
|
} |
167
|
39
|
|
|
|
|
6048
|
$headers->{'Access-Control-Allow-Origin'} = $origin; |
168
|
39
|
100
|
|
|
|
110
|
$headers->{'Vary'} = 'Origin' if $origin ne '*'; |
169
|
|
|
|
|
|
|
|
170
|
39
|
100
|
|
|
|
92
|
if (exists $options->{timing}) { |
171
|
3
|
100
|
66
|
|
|
15
|
if (defined $options->{timing} and $options->{timing} eq '1') { |
172
|
2
|
|
|
|
|
3
|
$headers->{'Timing-Allow-Origin'} = $headers->{'Access-Control-Allow-Origin'}; |
173
|
|
|
|
|
|
|
} else { |
174
|
1
|
|
|
|
|
2
|
$headers->{'Timing-Allow-Origin'} = 'null'; |
175
|
|
|
|
|
|
|
} |
176
|
|
|
|
|
|
|
} |
177
|
|
|
|
|
|
|
|
178
|
39
|
100
|
|
|
|
95
|
if (exists $options->{credentials}) { |
179
|
2
|
50
|
|
|
|
5
|
if (!!$options->{credentials}) { |
180
|
2
|
100
|
|
|
|
6
|
if ($origin eq '*') { |
181
|
1
|
|
|
|
|
4
|
warning('For a resource that supports credentials a origin matcher must be specified.'); |
182
|
1
|
|
|
|
|
58
|
next RULE; |
183
|
|
|
|
|
|
|
} |
184
|
1
|
|
|
|
|
2
|
$headers->{'Access-Control-Allow-Credentials'} = 'true' ; |
185
|
|
|
|
|
|
|
} |
186
|
|
|
|
|
|
|
} |
187
|
|
|
|
|
|
|
|
188
|
38
|
100
|
|
|
|
75
|
if (exists $options->{expose}) { |
189
|
2
|
|
|
|
|
4
|
$headers->{'Access-Control-Expose-Headers'} = $options->{expose}; |
190
|
|
|
|
|
|
|
} |
191
|
|
|
|
|
|
|
|
192
|
38
|
100
|
|
|
|
130
|
if (exists $options->{methods}) { |
|
|
50
|
|
|
|
|
|
193
|
10
|
100
|
|
|
|
14
|
unless (_isin lc $requested_method => map lc, @{ $options->{methods} }) { |
|
10
|
|
|
|
|
73
|
|
194
|
7
|
|
|
|
|
5
|
debug "[CORS] request method not allowed" if DEBUG; |
195
|
7
|
|
|
|
|
17
|
next RULE; |
196
|
|
|
|
|
|
|
} |
197
|
3
|
|
|
|
|
5
|
$headers->{'Access-Control-Allow-Methods'} = join ', ' => map uc, @{ $options->{methods} }; |
|
3
|
|
|
|
|
13
|
|
198
|
|
|
|
|
|
|
} elsif (exists $options->{method}) { |
199
|
28
|
100
|
|
|
|
87
|
unless ($options->{method} eq $requested_method) { |
200
|
10
|
|
|
|
|
5
|
debug "[CORS] request method '$requested_method' not allowed: ".$options->{method} if DEBUG; |
201
|
10
|
|
|
|
|
22
|
next RULE; |
202
|
|
|
|
|
|
|
} |
203
|
18
|
|
|
|
|
38
|
$headers->{'Access-Control-Allow-Methods'} = $options->{method}; |
204
|
|
|
|
|
|
|
} |
205
|
|
|
|
|
|
|
|
206
|
21
|
100
|
|
|
|
97
|
if (exists $options->{headers}) { |
|
|
50
|
|
|
|
|
|
207
|
2
|
|
|
|
|
7
|
foreach my $requested_header (@requested_headers) { |
208
|
2
|
50
|
|
|
|
3
|
unless (_isin lc $requested_header => map lc, @{ $options->{headers} }) { |
|
2
|
|
|
|
|
4
|
|
209
|
0
|
|
|
|
|
0
|
debug "[CORS] requested headers did not match allowed in rule" if DEBUG; |
210
|
0
|
|
|
|
|
0
|
next RULE; |
211
|
|
|
|
|
|
|
} |
212
|
|
|
|
|
|
|
} |
213
|
2
|
|
|
|
|
3
|
$headers->{'Access-Control-Allow-Headers'} = join ', ' => @{ $options->{headers} }; |
|
2
|
|
|
|
|
8
|
|
214
|
|
|
|
|
|
|
} elsif (@requested_headers) { |
215
|
0
|
|
|
|
|
0
|
$headers->{'Access-Control-Allow-Headers'} = join ', ' => @requested_headers; |
216
|
|
|
|
|
|
|
} |
217
|
|
|
|
|
|
|
|
218
|
21
|
100
|
100
|
|
|
95
|
if ($preflight and exists $options->{maxage}) { |
219
|
2
|
|
|
|
|
4
|
$headers->{'Access-Control-Max-Age'} = $options->{maxage}; |
220
|
|
|
|
|
|
|
} |
221
|
|
|
|
|
|
|
|
222
|
21
|
|
|
|
|
30
|
$ok = 1; |
223
|
21
|
|
|
|
|
131
|
var CORS => {%$options}; |
224
|
21
|
|
|
|
|
246
|
Dancer::SharedData->response->headers(%$headers); |
225
|
21
|
|
|
|
|
2100
|
if (DEBUG) { |
226
|
10
|
|
|
10
|
|
58
|
use Data::Dumper; |
|
10
|
|
|
|
|
11
|
|
|
10
|
|
|
|
|
3201
|
|
227
|
|
|
|
|
|
|
debug Dumper({headers => $headers}); |
228
|
|
|
|
|
|
|
} |
229
|
21
|
|
|
|
|
43
|
last RULE; |
230
|
|
|
|
|
|
|
} |
231
|
|
|
|
|
|
|
|
232
|
48
|
100
|
|
|
|
86
|
if ($ok) { |
233
|
21
|
|
|
|
|
29
|
debug "[CORS] matched!" if DEBUG; |
234
|
|
|
|
|
|
|
} else { |
235
|
27
|
|
|
|
|
29
|
debug "[CORS] no rule matched" if DEBUG; |
236
|
|
|
|
|
|
|
} |
237
|
|
|
|
|
|
|
|
238
|
48
|
|
|
|
|
178
|
return $ok; |
239
|
|
|
|
|
|
|
} |
240
|
|
|
|
|
|
|
|
241
|
|
|
|
|
|
|
|
242
|
|
|
|
|
|
|
register(share => \&_add_rule); |
243
|
|
|
|
|
|
|
|
244
|
|
|
|
|
|
|
hook(before => sub { |
245
|
|
|
|
|
|
|
$current_route = shift || return; |
246
|
|
|
|
|
|
|
my $preflight = uc Dancer::SharedData->request->method eq 'OPTIONS'; |
247
|
|
|
|
|
|
|
if ($preflight) { |
248
|
|
|
|
|
|
|
debug "[CORS] pre-check: preflight request, handle within main subroutine" if DEBUG; |
249
|
|
|
|
|
|
|
} else { |
250
|
|
|
|
|
|
|
debug "[CORS] pre-check: no preflight, handle actual request now" if DEBUG; |
251
|
|
|
|
|
|
|
_handle($current_route); |
252
|
|
|
|
|
|
|
} |
253
|
|
|
|
|
|
|
}); |
254
|
|
|
|
|
|
|
|
255
|
|
|
|
|
|
|
my $current_sharing; |
256
|
|
|
|
|
|
|
|
257
|
|
|
|
|
|
|
|
258
|
|
|
|
|
|
|
register sharing => sub { |
259
|
7
|
|
|
7
|
|
47
|
my $class = __PACKAGE__.'::Sharing'; |
260
|
7
|
|
66
|
|
|
27
|
$current_sharing ||= $class->new(@_,_add_rule=>\&_add_rule); |
261
|
7
|
|
|
|
|
37
|
return $current_sharing; |
262
|
|
|
|
|
|
|
}; |
263
|
|
|
|
|
|
|
|
264
|
|
|
|
|
|
|
register_plugin; |
265
|
|
|
|
|
|
|
1; |
266
|
|
|
|
|
|
|
|
267
|
|
|
|
|
|
|
__END__ |