cors.rb 1.0 KB

123456789101112131415161718192021222324252627282930313233343536
  1. # frozen_string_literal: true
  2. # Be sure to restart your server when you modify this file.
  3. # Avoid CORS issues when API is called from the frontend app.
  4. # Handle Cross-Origin Resource Sharing (CORS) in order to accept cross-origin AJAX requests.
  5. # Read more: https://github.com/cyu/rack-cors
  6. Rails.application.config.middleware.insert_before 0, Rack::Cors do
  7. allow do
  8. origins '*'
  9. resource '/.well-known/*',
  10. headers: :any,
  11. methods: [:get],
  12. credentials: false
  13. resource '/@:username',
  14. headers: :any,
  15. methods: [:get],
  16. credentials: false
  17. resource '/users/:username',
  18. headers: :any,
  19. methods: [:get],
  20. credentials: false
  21. resource '/api/*',
  22. headers: :any,
  23. methods: [:post, :put, :delete, :get, :patch, :options],
  24. credentials: false,
  25. expose: ['Link', 'X-RateLimit-Reset', 'X-RateLimit-Limit', 'X-RateLimit-Remaining', 'X-Request-Id']
  26. resource '/oauth/token',
  27. headers: :any,
  28. methods: [:post],
  29. credentials: false
  30. end
  31. end