Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • Jan 08 2020 17:21
    mwpastore commented #19
  • Dec 22 2019 18:07
    senid231 edited #19
  • Dec 22 2019 17:57
    senid231 commented #19
  • Dec 22 2019 17:56
    senid231 opened #19
  • Feb 11 2019 22:55

    mwpastore on namespace-dsl

    wip (compare)

  • Sep 08 2018 13:00
    jnylen closed #17
  • Feb 24 2018 10:59
    jannishuebl commented #18
  • Feb 23 2018 10:54
    jannishuebl opened #18
  • Dec 17 2017 06:34
    jnylen opened #17
  • Oct 27 2017 01:18

    mwpastore on master

    Update Sinatra dependencies (compare)

  • Oct 27 2017 01:16

    mwpastore on v1.3.0

    (compare)

  • Oct 27 2017 01:16

    mwpastore on master

    Bump to 1.3.0 (compare)

  • Oct 27 2017 01:10

    mwpastore on master

    Deprecate `sinja {}' in favor o… Make sure Rubygems is up-to-dat… Dynamic before_<action> arity and 5 more (compare)

  • Oct 06 2017 04:30
    mwpastore commented #16
  • Oct 06 2017 00:39
    jnylen closed #16
  • Oct 06 2017 00:39
    jnylen commented #16
  • Oct 05 2017 22:19
    mwpastore commented #16
  • Oct 05 2017 22:14
    mwpastore commented #16
  • Oct 04 2017 00:02
    jnylen commented #16
  • Oct 03 2017 23:43
    jnylen commented #16
Mike Pastore
@mwpastore
it should just ignore the accept header for preflight options
since there's no easy way to control the browser's behavior
Jonathan Gnagy
@jgnagy
nice
so it'll just work
Mike Pastore
@mwpastore
I think so, yes
Jonathan Gnagy
@jgnagy
looks like you're right
here's my now-passing test
    context 'OPTIONS /users' do
      it 'returns 200 with expected headers' do
        options '/users'

        # Should respond with a 200
        expect(last_response.status).to eq(200)
        expect(last_response.headers['Access-Control-Allow-Origin']).to eq('*')
      end
    end
Mike Pastore
@mwpastore
how/where are you setting the ACAO header
Jonathan Gnagy
@jgnagy
        before '*' do
          headers 'Access-Control-Allow-Origin' => '*'
          determine_roles
        end
I'll move that to an ENV variable eventually
Mike Pastore
@mwpastore
I would maybe put it in after, and you don't need a *
after do
  headers(
    'Access-Control-Allow-Origin' => '*',
    'Access-Control-Allow-Methods' => response['Allow']
  ) if request.options?
end
Jonathan Gnagy
@jgnagy
cool
Mike Pastore
@mwpastore
doing it in the before like that might send it even with an access denied error
which kind of defeats the purpose of CORS
Jonathan Gnagy
@jgnagy
true
Mike Pastore
@mwpastore
you may need to copy the allow header as well... see above
Jonathan Gnagy
@jgnagy
I have the others defined afterwards
Mike Pastore
@mwpastore
cool, I'll add a note to the README
Jonathan Gnagy
@jgnagy
like Access-Control-Allow-Methods and Access-Control-Allow-Headers
Mike Pastore
@mwpastore
well sinja will automatically set the Allow response header based on the methods that are available
Jonathan Gnagy
@jgnagy
makes sense
I'll adjust that then
Mike Pastore
@mwpastore
so you shouldn't need to set ACAM manually, but you should copy the value from Allow to ACAM
Jonathan Gnagy
@jgnagy
got it
Jonathan Gnagy
@jgnagy
does Sinja do anything for Access-Control-Allow-Headers?
per chance
Mike Pastore
@mwpastore
it does not
Jonathan Gnagy
@jgnagy
ok good
didn't want to break anything it might be doing there
Jonathan Gnagy
@jgnagy
by the way, I have been working on a fork of munson to add some features and fix a few things I don't like
since it doesn't seem to be so actively maintained
Mike Pastore
@mwpastore
ah, sweet!
Jonathan Gnagy
@jgnagy
feel free to add github issues if there are things you'd like to see fixed
I needed to be able to use DELETE, for instance
Mike Pastore
@mwpastore
yeah munson is pretty woeful
I tried using it to write sinja's test suite and it was a total failure
Jonathan Gnagy
@jgnagy
well, it is one of better libraries to start from, at least
Mike Pastore
@mwpastore
yeah
compared to the other options it's lightyears ahead which is frightening
Jonathan Gnagy
@jgnagy
but I added in support for custom endpoints, some ActiveRecord compatibility options (so I could use it as a drop-in replacement for AR in views and resource routes in Rails), and Resource#destroy
got lots more planned if I ever get time
Mike Pastore
@mwpastore
neat
Jonathan Gnagy
@jgnagy
got another question: lets say, for a given resource, when I'm providing a collection I don't want to include an attribute (say indexing Users, I don't want to provide the emails for all the users), but for show I do want that attribute to show up.
so I don't want to modify the serializer, because then I'd never seem email
is there a way to customize the serializer's behavior for just the index block? (and maybe show_many)
looks like serialize_models() is the right answer, but I'm struggling to see how to pass it the options I want (namely how to exclude a field)
Lucas Hosseini
@beauby
@jgnagy You may be looking for the fields JSON API query parameter (http://jsonapi.org/format/#fetching-sparse-fieldsets)