CORS tweaks

This commit is contained in:
Beatrix Bitrot 2017-04-22 00:55:14 +00:00 committed by beatrix-bitrot
parent 0c8f23b69f
commit 6a5afc6fe8

View file

@ -67,9 +67,11 @@ module Mastodon
config.active_job.queue_adapter = :sidekiq
#config.middleware.insert_before 0, Rack::Cors, debug: true, logger: (-> { Rails.logger }) do
config.middleware.insert_before 0, Rack::Cors do
allow do
origins '*'
resource '/assets/*', headers: :any, methods: [:get, :head, :options]
resource '/@:username', headers: :any, methods: [:get], credentials: false
resource '/api/*', headers: :any, methods: [:post, :put, :delete, :get, :patch, :options], credentials: false, expose: ['Link', 'X-RateLimit-Reset', 'X-RateLimit-Limit', 'X-RateLimit-Remaining', 'X-Request-Id']
resource '/oauth/token', headers: :any, methods: [:post], credentials: false