config/initializers/cors.rb

   1 # Be sure to restart your server when you modify this file.
   2
   3 # Avoid CORS issues when API is called from the frontend app.
   4 # Handle Cross-Origin Resource Sharing (CORS) in order to accept cross-origin AJAX requests.
   5
   6 # Read more: https://github.com/cyu/rack-cors
   7
   8 Rails.application.config.middleware.insert_before 0, Rack::Cors do
   9   allow do
  10     origins '*'
  11
  12     resource '/.well-known/*',
  13       headers: :any,
  14       methods: [:get],
  15       credentials: false
  16     resource '/@:username',
  17       headers: :any,
  18       methods: [:get],
  19       credentials: false
  20     resource '/api/*',
  21       headers: :any,
  22       methods: [:post, :put, :delete, :get, :patch, :options],
  23       credentials: false,
  24       expose: ['Link', 'X-RateLimit-Reset', 'X-RateLimit-Limit', 'X-RateLimit-Remaining', 'X-Request-Id']
  25     resource '/oauth/token',
  26       headers: :any,
  27       methods: [:post],
  28       credentials: false
  29     resource '/assets/*', headers: :any, methods: [:get, :head, :options]
  30     resource '/stylesheets/*', headers: :any, methods: [:get, :head, :options]
  31     resource '/javascripts/*', headers: :any, methods: [:get, :head, :options]
  32     resource '/packs/*', headers: :any, methods: [:get, :head, :options]
  33   end
  34 end