cors.rb 1006 B

12345678910111213141516171819202122232425262728293031323334
  1. # Be sure to restart your server when you modify this file.
  2. # Avoid CORS issues when API is called from the frontend app.
  3. # Handle Cross-Origin Resource Sharing (CORS) in order to accept cross-origin AJAX requests.
  4. # Read more: https://github.com/cyu/rack-cors
  5. Rails.application.config.middleware.insert_before 0, Rack::Cors do
  6. allow do
  7. origins '*'
  8. resource '/.well-known/*',
  9. headers: :any,
  10. methods: [:get],
  11. credentials: false
  12. resource '/@:username',
  13. headers: :any,
  14. methods: [:get],
  15. credentials: false
  16. resource '/users/:username',
  17. headers: :any,
  18. methods: [:get],
  19. credentials: false
  20. resource '/api/*',
  21. headers: :any,
  22. methods: [:post, :put, :delete, :get, :patch, :options],
  23. credentials: false,
  24. expose: ['Link', 'X-RateLimit-Reset', 'X-RateLimit-Limit', 'X-RateLimit-Remaining', 'X-Request-Id']
  25. resource '/oauth/token',
  26. headers: :any,
  27. methods: [:post],
  28. credentials: false
  29. end
  30. end