about summary refs log tree commit diff
path: root/config/initializers/cors.rb
blob: bc782bc76c2d408064a016595fc61bfade7566e5 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
# Be sure to restart your server when you modify this file.

# Avoid CORS issues when API is called from the frontend app.
# Handle Cross-Origin Resource Sharing (CORS) in order to accept cross-origin AJAX requests.

# Read more: https://github.com/cyu/rack-cors

Rails.application.config.middleware.insert_before 0, Rack::Cors do
  allow do
    origins '*'

    resource '/.well-known/*',
      headers: :any,
      methods: [:get],
      credentials: false
    resource '/@:username',
      headers: :any,
      methods: [:get],
      credentials: false
    resource '/users/:username',
      headers: :any,
      methods: [:get],
      credentials: false
    resource '/api/*',
      headers: :any,
      methods: [:post, :put, :delete, :get, :patch, :options],
      credentials: false,
      expose: ['Link', 'X-RateLimit-Reset', 'X-RateLimit-Limit', 'X-RateLimit-Remaining', 'X-Request-Id']
    resource '/oauth/token',
      headers: :any,
      methods: [:post],
      credentials: false
    resource '/assets/*', headers: :any, methods: [:get, :head, :options]
    resource '/stylesheets/*', headers: :any, methods: [:get, :head, :options]
    resource '/javascripts/*', headers: :any, methods: [:get, :head, :options]
    resource '/packs/*', headers: :any, methods: [:get, :head, :options]
  end
end