From 3f12c07ff5f60d22cfbff050a2639345ecbaec57 Mon Sep 17 00:00:00 2001 From: ThibG Date: Mon, 10 Dec 2018 21:39:47 +0100 Subject: Use same CORS policy for /@:username and /users/:username (#9485) Fixes #8189 rack-cors being called before the application router, it does not follow the redirection, and we need a separate rule for /users/:username. --- config/initializers/cors.rb | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'config/initializers') diff --git a/config/initializers/cors.rb b/config/initializers/cors.rb index 36d3663cb..55f8c9c91 100644 --- a/config/initializers/cors.rb +++ b/config/initializers/cors.rb @@ -17,6 +17,10 @@ Rails.application.config.middleware.insert_before 0, Rack::Cors do headers: :any, methods: [:get], credentials: false + resource '/users/:username', + headers: :any, + methods: [:get], + credentials: false resource '/api/*', headers: :any, methods: [:post, :put, :delete, :get, :patch, :options], -- cgit