CORS tweaks

7 years ago · a337c5dbe5
parent c0979381a4
commit a337c5dbe5
1 changed files with 2 additions and 0 deletions
--- a/config/application.rb
+++ b/config/application.rb
@ -67,9 +67,11 @@ module Mastodon

    config.active_job.queue_adapter = :sidekiq

+    #config.middleware.insert_before 0, Rack::Cors, debug: true, logger: (-> { Rails.logger }) do
    config.middleware.insert_before 0, Rack::Cors do
      allow do
        origins  '*'
+        resource '/assets/*', headers: :any, methods: [:get, :head, :options]
        resource '/@:username',  headers: :any, methods: [:get], credentials: false
        resource '/api/*',       headers: :any, methods: [:post, :put, :delete, :get, :patch, :options], credentials: false, expose: ['Link', 'X-RateLimit-Reset', 'X-RateLimit-Limit', 'X-RateLimit-Remaining', 'X-Request-Id']
        resource '/oauth/token', headers: :any, methods: [:post], credentials: false