Closed jethroo closed 4 years ago
(document my rationale here because I'll forget)
I think you're right. It looks like Rack::Utils.clean_path_info
removes the trailing slashes off paths, so...
/evaluations/*
matches /evaluations/
which makes sense in my mind, then/evaluations/*
should also match /evaluations
since Rack::Utils.clean_path_info('/evaluations/') == '/evaluations'
Hi there,
we currently update to our rack-cors dependency to close the CVE to a newer patch level but we are noticing breaking behaviour changes:
With the following ressource with gem version
1.0.1
we were getting back our rails application headers when doing an OPTIONS request to
/evaluations/
but with the bump to
1.0.4
these are not returned any more:(NOTE: behaviour is the same for
127.0.0.1:3000/evaluations
(without trailing slash) both in1.0.1
and1.0.4
)So somehow the matching of ressource paths seems to have changed.
For us it is also kind of intuitive that when defining a resource with
/evaluations/*
that this would include/evaluations/
and/evaluations
as well. An comment on what the actual intended behaviour is would be helpful (and maybe worth to be added to the documentation).Our current fix is to verbosly define following config:
Any comment is appreciated ;)