+# Mark CORS responses as uncacheable as we don't want a browser to
+# try and reuse a response that had a different origin, even with
+# revalidation, as the origin check will fail.
+module OpenStreetMap
+ class Cors < Rack::Cors
+ def call(env)
+ status, headers, body = super env
+ headers["Cache-Control"] = "no-cache" if headers["Access-Control-Allow-Origin"]
+ [status, headers, body]
+ end
+ end
+end
+