def call(env)
env['HTTP_ORIGIN'] = 'file://' if env['HTTP_ORIGIN'] == 'null'
env['HTTP_ORIGIN'] ||= env['HTTP_X_ORIGIN']
cors_headers = nil
if env['HTTP_ORIGIN']
debug(env) do
[ 'Incoming Headers:',
" Origin: #{env['HTTP_ORIGIN']}",
" Access-Control-Request-Method: #{env['HTTP_ACCESS_CONTROL_REQUEST_METHOD']}",
" Access-Control-Request-Headers: #{env['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}"
].join("\n")
end
if env['REQUEST_METHOD'] == 'OPTIONS' and env['HTTP_ACCESS_CONTROL_REQUEST_METHOD']
if headers = process_preflight(env)
debug(env) do
"Preflight Headers:\n" +
headers.collect{|kv| " #{kv.join(': ')}"}.join("\n")
end
return [200, headers, []]
end
else
cors_headers = process_cors(env)
end
end
status, headers, body = @app.call env
if cors_headers
headers = headers.merge(cors_headers)
unless headers['Access-Control-Allow-Origin'] == '*'
vary = headers['Vary']
headers['Vary'] = ((vary ? vary.split(/,\s*/) : []) + ['Origin']).uniq.join(', ')
end
end
[status, headers, body]
end