Ressource with $ are not handled as expected

[aithscel]

Resources having a $ in the path do not work.

Example: App requirements:

• /foo and /$bar should allow POST and OPTIONS
• anything else should allow GET and OPTIONS

With the sample app attached i get:

• /foo is returning access-control-allow-methods: POST, OPTIONS as expected

  ~/dev/sandbox/cors $ curl -H 'Origin: http://example.com' -X OPTIONS  -i 'http://127.0.0.1:9292/foo'
  HTTP/1.1 200 OK
  access-control-allow-origin: *
  access-control-allow-methods: POST, OPTIONS
  access-control-expose-headers: 
  access-control-max-age: 7200
  content-type: text/html
  vary: Origin
  Content-Length: 17

• /baz is returning access-control-allow-methods: GET, OPTIONS as expected ( wildcard ressource)

• /$bar is returning access-control-allow-methods: GET, OPTIONS but it should return access-control-allow-methods: POST, OPTIONS

curl -H 'Origin: http://example.com' -X OPTIONS  -i 'http://127.0.0.1:9292/$bar'
HTTP/1.1 200 OK
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
access-control-expose-headers: 
access-control-max-age: 7200
content-type: text/html
vary: Origin
Content-Length: 17

Sample app:

# run it with rackup ./config.ru 

require 'rack/cors'

app = Rack::Builder.new do

    use Rack::Cors do
      allow do
        origins '*'
        resource '/foo',  headers: :any, methods: [:post, :options]
        resource '/$bar', headers: :any, methods: [:post, :options]
        resource '*', headers: :any, methods: [:get, :options]
      end
    end

    run lambda { |env|
      [200, {'content-type' => 'text/html'}, ['response accepted']]
    }
end    

run app