X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/898cc828dd1f1167f85abbf35c8e3f0ed640ac1e..309bd95c571a672bed953ef1e77df6936b2c19f8:/config/initializers/cors.rb?ds=sidebyside diff --git a/config/initializers/cors.rb b/config/initializers/cors.rb index 1a8ce106d..e7b813b73 100644 --- a/config/initializers/cors.rb +++ b/config/initializers/cors.rb @@ -1,4 +1,4 @@ -require "rack/cors" +# Be sure to restart your server when you modify this file. # Mark CORS responses as uncacheable as we don't want a browser to # try and reuse a response that had a different origin, even with @@ -6,10 +6,8 @@ require "rack/cors" module OpenStreetMap class Cors < Rack::Cors def call(env) - status, headers, body = super env - if headers['Access-Control-Allow-Origin'] - headers['Cache-Control'] = 'no-cache' - end + status, headers, body = super + headers["Cache-Control"] = "no-cache" if headers["Access-Control-Allow-Origin"] [status, headers, body] end end @@ -20,10 +18,17 @@ end # so browser-requests should be similarly permitted. (Though the API does not # require any custom headers, Ajax frameworks may automatically add headers # such as X-Requested-By to requests.) -Rails.configuration.middleware.use OpenStreetMap::Cors do +Rails.application.config.middleware.insert_before 0, OpenStreetMap::Cors do allow do origins "*" resource "/oauth/*", :headers => :any, :methods => [:get, :post] + resource "/oauth2/token", :headers => :any, :methods => [:post] + resource "/oauth2/revoke", :headers => :any, :methods => [:post] + resource "/oauth2/introspect", :headers => :any, :methods => [:post] resource "/api/*", :headers => :any, :methods => [:get, :post, :put, :delete] + resource "/diary/rss", :headers => :any, :methods => [:get] + resource "/diary/*/rss", :headers => :any, :methods => [:get] + resource "/trace/*/data", :headers => :any, :methods => [:get] + resource "/user/*/diary/rss", :headers => :any, :methods => [:get] end end