Merge pull request #1087 from sul-dlss/probe-cors
Set Allow-Origin header for probe requests
peetucket authored Dec 15, 2023
2 parents cc12eaa + 1fd8dd8 commit 559a00c
Showing 3 changed files with 29 additions and 6 deletions.
22 changes: 16 additions & 6 deletions app/controllers/iiif/auth/v2/probe_service_controller.rb
@@ -15,18 +15,28 @@ def show

file = StacksFile.new(id: parsed_uri[:druid], file_name: parsed_uri[:file_name], download: true)

response = { '@context': 'http://iiif.io/api/auth/2/context.json', type: 'AuthProbeResult2' }
json = { '@context': 'http://iiif.io/api/auth/2/context.json', type: 'AuthProbeResult2' }

if !file.readable?
response[:status] = 404
json[:status] = 404
elsif can? :access, file
response[:status] = 200
json[:status] = 200
else
response[:status] = 401
response.merge!(add_detail(file))
json[:status] = 401
json.merge!(add_detail(file))
end

render json: response
render json:
end

# Because the probe request sets the Accept header, the browser is going to preflight the request.
# Here we tell the browser, yes, we're good with this.
def options_pre_flight
response.headers['Access-Control-Allow-Origin'] = '*'
response.headers['Access-Control-Allow-Methods'] = 'GET'
response.headers['Access-Control-Allow-Headers'] = 'Authorization'
response.headers['Access-Control-Max-Age'] = '1728000'
head :no_content
end

private
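Review bot: The comment on `options_pre_flight` names the wrong header: `Accept` is CORS-safelisted, and it is the `Authorization` header (the one listed in `Access-Control-Allow-Headers`) that makes browsers preflight the probe. Because the method pairs `Access-Control-Allow-Origin: *` with that header, the comment should also record why the wildcard is acceptable, for example `# Probe requests carry an Authorization header, so browsers preflight them.` and `# '*' is deliberate: access is decided from the bearer token, never from cookies.`, assuming that is how `can? :access, file` identifies the user, which these lines do not show. The visible part of `show` sets no `Access-Control-Allow-Origin` on the GET response; unless that happens outside this hunk, a browser will pass the preflight and still withhold the probe result from the calling page. `show` starts above the hunk and the class continues past `private`.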
2 changes: 2 additions & 0 deletions config/routes.rb
@@ -84,4 +84,6 @@
# IIIF Auth V2
get '/iiif/auth/v2/token' => 'iiif/auth/v2/token#create'
get '/iiif/auth/v2/probe' => 'iiif/auth/v2/probe_service#show'
options '/iiif/auth/v2/probe' => 'iiif/auth/v2/probe_service#options_pre_flight'

end
11 changes: 11 additions & 0 deletions spec/requests/iiif/auth/v2/probe_service_spec.rb
@@ -17,6 +17,17 @@
allow_any_instance_of(StacksFile).to receive(:readable?).and_return('420')
end

describe 'pre-flight request' do
before do
options "/iiif/auth/v2/probe?id=#{stacks_uri_param}"
end

it 'sets the headers' do
expect(response).to have_http_status :no_content
expect(response.headers['Access-Control-Allow-Origin']).to eq '*'
end
end

context 'when the URI is not properly encoded' do
let(:file_name) { 'this has spaces.pdf' }
let(:stacks_uri) { "https://stacks-uat.stanford.edu/file/druid:#{id}/#{file_name}" }
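Review bot: The new 'sets the headers' example asserts only the status and `Access-Control-Allow-Origin`, so `Access-Control-Allow-Headers`, the header that decides whether a token-bearing probe passes preflight, is untested. I would add `expect(response.headers['Access-Control-Allow-Headers']).to eq 'Authorization'` and `expect(response.headers['Access-Control-Allow-Methods']).to eq 'GET'`, so that widening or dropping either value shows up as a spec failure. The enclosing describe block starts above this hunk, and the `context` that follows continues below it.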
