~cytrogen/masto-fe

ref: d7fcd70023d481cb6a53aef7a58dabfd6a2fa7b2 masto-fe/config/initializers/cors.rb -rw-r--r-- 850 bytes
d7fcd700 — Claire Merge commit '2016c5d912f400ae98ee03ce269112de2f9ec62d' into glitch-soc/merge-upstream 2 years ago 
                                                                                
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

# frozen_string_literal: true

# Be sure to restart your server when you modify this file.

# Avoid CORS issues when API is called from the frontend app.
# Handle Cross-Origin Resource Sharing (CORS) in order to accept cross-origin AJAX requests.

# Read more: https://github.com/cyu/rack-cors

Rails.application.config.middleware.insert_before 0, Rack::Cors do
  allow do
    origins '*'

    with_options headers: :any, credentials: false do
      with_options methods: [:get] do
        resource '/.well-known/*'
        resource '/@:username'
        resource '/users/:username'
      end
      resource '/api/*',
               expose: %w(Link X-RateLimit-Reset X-RateLimit-Limit X-RateLimit-Remaining X-Request-Id),
               methods: %i(post put delete get patch options)
      resource '/oauth/token', methods: [:post]
    end
  end
end