diff options
author | David Yip <yipdw@member.fsf.org> | 2018-04-13 16:36:46 -0500 |
---|---|---|
committer | David Yip <yipdw@member.fsf.org> | 2018-04-13 16:36:46 -0500 |
commit | ed490b781f9347b77eb2305e33ba6dd83f3539b0 (patch) | |
tree | 4f958ce8da072e35ef654cf5ae0a152f613f3ad8 /config/initializers/cors.rb | |
parent | a817f084eafaf5527445c29ab1d68f42b1a2872f (diff) | |
parent | 50529cbceb84e611bca497624a7a4c38113e5135 (diff) |
Merge remote-tracking branch 'origin/master' into gs-master
Conflicts: Gemfile.lock config/application.rb
Diffstat (limited to 'config/initializers/cors.rb')
-rw-r--r-- | config/initializers/cors.rb | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/config/initializers/cors.rb b/config/initializers/cors.rb new file mode 100644 index 000000000..36e2694e3 --- /dev/null +++ b/config/initializers/cors.rb @@ -0,0 +1,30 @@ +# Be sure to restart your server when you modify this file. + +# Avoid CORS issues when API is called from the frontend app. +# Handle Cross-Origin Resource Sharing (CORS) in order to accept cross-origin AJAX requests. + +# Read more: https://github.com/cyu/rack-cors + +Rails.application.config.middleware.insert_before 0, Rack::Cors do + allow do + origins '*' + + resource '/@:username', + headers: :any, + methods: [:get], + credentials: false + resource '/api/*', + headers: :any, + methods: [:post, :put, :delete, :get, :patch, :options], + credentials: false, + expose: ['Link', 'X-RateLimit-Reset', 'X-RateLimit-Limit', 'X-RateLimit-Remaining', 'X-Request-Id'] + resource '/oauth/token', + headers: :any, + methods: [:post], + credentials: false + resource '/assets/*', headers: :any, methods: [:get, :head, :options] + resource '/stylesheets/*', headers: :any, methods: [:get, :head, :options] + resource '/javascripts/*', headers: :any, methods: [:get, :head, :options] + resource '/packs/*', headers: :any, methods: [:get, :head, :options] + end +end |