Add CORS support

dmolesUC · dmolesUC · commit 5a36a399d90a · 2022-05-26T14:51:41.000-07:00
diff --git a/config/application.rb b/config/application.rb
@@ -36,8 +36,16 @@ class Application < Rails::Application
     config.middleware.use config.session_store, config.session_options
 
     # CAS configuration
-    # - NOTE: overridden in production.rb
-    config.cas_host = ENV.fetch('CAS_HOST') { 'auth-test.berkeley.edu' }
+    config.cas_host = ENV.fetch('CAS_HOST') do
+      "#{Rails.env.production? ? 'auth' : 'auth-test'}.berkeley.edu"
+    end
+
+    Rails.application.config.hosts.append(
+      '.ucblib.org',
+      '.lib.berkeley.edu',
+      '.pantheon.berkeley.edu',
+      config.cas_host
+    )
 
     BerkeleyLibrary::Alma::Config.default!
 
diff --git a/config/environments/production.rb b/config/environments/production.rb
@@ -63,14 +63,4 @@
   #   logger.formatter = config.log_formatter
   #   config.logger    = ActiveSupport::TaggedLogging.new(logger)
   # end
-
-  # CAS configuration
-  # - NOTE: overrides application.rb
-  config.cas_host = ENV.fetch('CAS_HOST') { 'auth.berkeley.edu' }
-
-  if ENV['CI'].blank? # TODO: what if it's not?
-    Rails.application.config.hosts << '.ucblib.org'
-    Rails.application.config.hosts << '.lib.berkeley.edu'
-    Rails.application.config.hosts << config.cas_host
-  end
 end
diff --git a/config/environments/test.rb b/config/environments/test.rb
@@ -47,4 +47,9 @@
 
   # Annotate rendered view with file names.
   # config.action_view.annotate_rendered_view_with_filenames = true
+
+  Rails.application.config.hosts.append(
+    ActionDispatch::Integration::Session::DEFAULT_HOST,
+    ActionController::Renderer::DEFAULTS['http_host']
+  )
 end
diff --git a/spec/lib/cors_helper_spec.rb b/spec/lib/cors_helper_spec.rb
@@ -6,5 +6,15 @@
       invalid_uri = 'not a URI'
       expect(CorsHelper.allow?(invalid_uri)).to eq(false)
     end
+
+    it 'returns true for a lib.berkeley.edu origin' do
+      source = 'https://www.lib.berkeley.edu/'
+      expect(CorsHelper.allow?(source)).to eq(true)
+    end
+
+    it 'returns true for a pantheon.berkeley.edu origin' do
+      source = 'https://dev.pantheon.berkeley.edu/'
+      expect(CorsHelper.allow?(source)).to eq(true)
+    end
   end
 end
diff --git a/spec/requests/facets_spec.rb b/spec/requests/facets_spec.rb
@@ -27,6 +27,14 @@
         parsed_response = JSON.parse(response.body)
         expect(parsed_response).to contain_jsonapi_for(Facet.all, { include: [:terms] })
       end
+
+      it 'returns a Access-Control-Allow-Origin header in response to an Origin header' do
+        origin = 'www.lib.berkeley.edu'
+        get facets_url, params: { include: 'terms' }, headers: { 'Origin' => origin }
+
+        expect(response).to be_successful
+        expect(response.headers['Access-Control-Allow-Origin']).to eq(origin)
+      end
     end
   end
 end
