From ba8093f13a5ff0a380971c511a70ee3e2f44e14a Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Tue, 6 Jul 2021 19:30:05 +0100
Subject: [PATCH] Allow cross origin access to OAuth 2 token endpoints

---
 config/initializers/cors.rb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/config/initializers/cors.rb b/config/initializers/cors.rb
index 2ff479c6a..7421bd334 100644
--- a/config/initializers/cors.rb
+++ b/config/initializers/cors.rb
@@ -22,6 +22,9 @@ Rails.application.config.middleware.insert_before 0, OpenStreetMap::Cors do
   allow do
     origins "*"
     resource "/oauth/*", :headers => :any, :methods => [:get, :post]
+    resource "/oauth2/token", :headers => :any, :methods => [:post]
+    resource "/oauth2/revoke", :headers => :any, :methods => [:post]
+    resource "/oauth2/introspect", :headers => :any, :methods => [:post]
     resource "/api/*", :headers => :any, :methods => [:get, :post, :put, :delete]
     resource "/diary/rss", :headers => :any, :methods => [:get]
     resource "/diary/*/rss", :headers => :any, :methods => [:get]
-- 
2.39.5