cors.rb 987 B

1234567891011121314151617181920212223242526272829
  1. # frozen_string_literal: true
  2. # Be sure to restart your server when you modify this file.
  3. # Avoid CORS issues when API is called from the frontend app.
  4. # Handle Cross-Origin Resource Sharing (CORS) in order to accept cross-origin Ajax requests.
  5. # Read more: https://github.com/cyu/rack-cors
  6. Rails.application.config.middleware.insert_before 0, Rack::Cors do
  7. allow do
  8. origins '*'
  9. with_options headers: :any, credentials: false do
  10. with_options methods: [:get] do
  11. resource '/.well-known/*'
  12. resource '/nodeinfo/*'
  13. resource '/@:username'
  14. resource '/users/:username'
  15. end
  16. resource '/api/*',
  17. expose: %w(Link X-RateLimit-Reset X-RateLimit-Limit X-RateLimit-Remaining X-Request-Id),
  18. methods: %i(post put delete get patch options)
  19. resource '/oauth/token', methods: [:post]
  20. resource '/oauth/revoke', methods: [:post]
  21. resource '/oauth/userinfo', methods: [:get, :post]
  22. end
  23. end
  24. end