Add :static_headers setting for custom headers in static file responses #2089
Conversation
a81d277 to
fc4868e
Compare
dentarg
left a comment
There was a problem hiding this comment.
We're in a Rack 3 world now, so please user lowercase for all header keys :-)
lib/sinatra/base.rb
Outdated
| if settings.respond_to?(:static_headers) && settings.static_headers | ||
| settings.static_headers.each do |k, v| | ||
| headers[k] = v | ||
| end | ||
| end |
There was a problem hiding this comment.
Actually, there's no need to loop
| if settings.respond_to?(:static_headers) && settings.static_headers | |
| settings.static_headers.each do |k, v| | |
| headers[k] = v | |
| end | |
| end | |
| headers(settings.static_headers) if settings.static_headers? |
There was a problem hiding this comment.
Should we add this remove before or after cache_control(*settings.static_cache_control) if settings.static_cache_control??
If we add it before, static_cache_control have precedence, if we add it after, you can overwrite headers like Cache-Control, with static_headers. What do we want?
There was a problem hiding this comment.
Good question, personally I think that calling headers(settings.static_headers) after Cache-Control makes more sense, since it gives the users more control. It feels more explicit and flexible that way, at least to me.
…d, add static_headers to available settings on readme
|
Thanks for the feedback, made the changes you suggested. Let me know if there is something else to be addressed. |
dentarg
left a comment
There was a problem hiding this comment.
To encourage the style of lowercase headers
Description
This PR implements recent feature request related to static file responses. It introduces a new configuration setting,
:static_headers, which allows developers to define custom headers that will be applied to all static file responses served bystatic!-method.Why?
Fixes #2088
Sinatra serves static files directly via
static!, bypassing filters and middleware. This makes it so that there is no good ways to add headers likeAccess-Control-Allow-Origin, which are often needed for CORS access (e.g., when using fonts or images on canvas).