Use same CORS policy for /@:username and /users/:username (#9485)

Fixes #8189 rack-cors being called before the application router, it does not follow the redirection, and we need a separate rule for /users/:username.
author: ThibG <thib@sitedethib.com> 2018-12-10 21:39:47 +0100
committer: Eugen Rochko <eugen@zeonfederated.com> 2018-12-10 21:39:47 +0100
commit: 3f12c07ff5f60d22cfbff050a2639345ecbaec57 (patch)
tree: d970b7ba33627d6bc0ccc4f30d338b110307117b
parent: ed24bb2c3ecf82521be0685f59ecdee77c6fff39 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/config/initializers/cors.rb b/config/initializers/cors.rb
index 36d3663cb..55f8c9c91 100644
--- a/config/initializers/cors.rb
+++ b/config/initializers/cors.rb
@@ -17,6 +17,10 @@ Rails.application.config.middleware.insert_before 0, Rack::Cors do
       headers: :any,
       methods: [:get],
       credentials: false
+    resource '/users/:username',
+      headers: :any,
+      methods: [:get],
+      credentials: false
     resource '/api/*',
       headers: :any,
       methods: [:post, :put, :delete, :get, :patch, :options],
author	ThibG <thib@sitedethib.com>	2018-12-10 21:39:47 +0100
committer	Eugen Rochko <eugen@zeonfederated.com>	2018-12-10 21:39:47 +0100
commit	3f12c07ff5f60d22cfbff050a2639345ecbaec57 (patch)
tree	d970b7ba33627d6bc0ccc4f30d338b110307117b
parent	ed24bb2c3ecf82521be0685f59ecdee77c6fff39 (diff)