request.rb in vines-0.4.1

- old
+ new

@@ -9,10 +9,11 @@
         MOVED         = 'Moved Permanently'.freeze
         NOT_FOUND     = 'Not Found'.freeze
         NOT_MODIFIED  = 'Not Modified'.freeze
         IF_MODIFIED   = 'If-Modified-Since'.freeze
         TEXT_PLAIN    = 'text/plain'.freeze
+        OPTIONS       = 'OPTIONS'.freeze
         CONTENT_TYPES = {
           'html'     => 'text/html; charset="utf-8"',
           'js'       => 'application/javascript; charset="utf-8"',
           'css'      => 'text/css',
           'png'      => 'image/png',
@@ -70,13 +71,34 @@
         # to the client.
         def reply(node, content_type)
           body = node.to_s
           header = [
             "HTTP/1.1 200 OK",
+            "Access-Control-Allow-Origin: *",
             "Content-Type: #{content_type}",
             "Content-Length: #{body.bytesize}"
           ].join("\r\n")
           @stream.stream_write([header, body].join("\r\n\r\n"))
+        end
+
+        # Return true if the request method is OPTIONS, signaling a
+        # CORS preflight check.
+        def options?
+          @method == OPTIONS
+        end
+
+        # Send a 200 OK response, allowing any origin domain to connect to the
+        # server, in response to CORS preflight OPTIONS requests. This allows
+        # any web application using strophe.js to connect to our BOSH port.
+        def reply_to_options
+          allow = @headers['Access-Control-Request-Headers']
+          headers = [
+            "Access-Control-Allow-Origin: *",
+            "Access-Control-Allow-Methods: POST, GET, OPTIONS",
+            "Access-Control-Allow-Headers: #{allow}",
+            "Access-Control-Max-Age: #{60 * 60 * 24 * 30}"
+          ]
+          send_status(200, 'OK', headers)
         end
 
         private
 
         # Attempt to rebuild the full request URI from the Host header. If it
\ No newline at end of file