No commit activity in last 3 years
No release in over 3 years
This Sinatra plugin supports the full CORS spec including automatic support for CORS preflight (OPTIONS) requests. It uses CORS security best practices. The plugin logs to the default logger to guide you in setting things up properly. It will tell you why a CORS request failed and tell you how to fix it.
Sinatra CORS

Get the Gem

https://rubygems.org/gems/sinatra-cors

Quick Start

The following example creates a CORS-enabled route with some typical default configuration.

require "sinatra"
require "sinatra/cors"

set :allow_origin, "http://example.com http://foo.com"
set :allow_methods, "GET,HEAD,POST"
set :allow_headers, "content-type,if-modified-since"
set :expose_headers, "location,link"

get "/foo" do
  "foo"
end

Or, for a modular-style application:

require "sinatra"
require "sinatra/cors"

class Foo < Sinatra::Base
  register Sinatra::Cors

  set :allow_origin, "http://example.com http://foo.com"
  set :allow_methods, "GET,HEAD,POST"
  set :allow_headers, "content-type,if-modified-since"
  set :expose_headers, "location,link"

  get "/foo" do
    "foo"
  end
end

Settings

  • allow_origin: A regex, or space-separated list of allowed origins, or an array of either of the previous two. (Example: "https://example.com")
  • allow_methods: A comma-separated list of allowed methods. (Example: "GET,HEAD,POST")
  • allow_headers: A comma-separated list of allowed request headers. (Example: "content-type,if-modified-since")
  • max_age: The number of seconds you allow the client to cache a preflight response. (Example: "500")
  • expose_headers: A comma-separated list of response headers the client will have access to. (Example: "location,link")
  • allow_credentials: If true, it will allow actual requests to send things like cookies, HTTP authentication, and client-side SSL certificates. (Example: true)
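
Because allow_origin accepts a regex as well as an exact list, the pattern decides which origins are trusted. The following is an added example, not code from the plugin: origin_allowed? and overmatches are hypothetical helpers that assume a Regexp entry is tested with Regexp#match? and a string entry is compared exactly, and the look-alike origins are constructed sample values.

```ruby
# Added example: a standalone model of an allow_origin check, NOT sinatra-cors code.
# Assumption: Regexp entries are tested with Regexp#match?; String entries are
# space-separated lists compared by exact equality; arrays may mix both.
def origin_allowed?(allow_origin, origin)
  Array(allow_origin).any? do |entry|
    case entry
    when Regexp then entry.match?(origin)
    else entry.to_s.split.include?(origin)
    end
  end
end

# Constructed look-alike origins that a policy for https://example.com must reject.
LOOKALIKES = [
  "https://example.com.attacker.test", # trusted name used as a leading label
  "https://notexample.com",            # trusted name as a suffix of another host
  "https://exampleXcom",               # an unescaped "." matches any character
  "http://example.com"                 # same host over plain HTTP
].freeze

# Returns the look-alike origins that the given allow_origin value would accept.
def overmatches(allow_origin)
  LOOKALIKES.select { |origin| origin_allowed?(allow_origin, origin) }
end

# Weak: unanchored, unescaped dot, no scheme.
WEAK = /example.com/

# Stricter: anchored with \A and \z, scheme pinned, dots escaped,
# at most one subdomain label allowed.
STRICT = %r{\Ahttps://(?:[a-z0-9-]+\.)?example\.com\z}

# Exact list, as in the Quick Start (with https origins).
LIST = "https://example.com https://foo.com"

if __FILE__ == $PROGRAM_NAME
  { "WEAK" => WEAK, "STRICT" => STRICT, "LIST" => LIST }.each do |name, policy|
    accepted = overmatches(policy)
    puts "#{name}: accepts #{accepted.empty? ? 'no look-alikes' : accepted.join(', ')}"
  end
end
```

Running a check like this against your own allow_origin value before deployment matters most when allow_credentials is true, since an over-broad match then applies to requests that carry cookies.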