Commit a2c88d93 authored by Michael Rose's avatar Michael Rose

controllers: add cors concern, apply to new API

parent 948f122f
class Api::V1::StoriesController < ApplicationController
include Cors
before_action :set_story, only: [:show]
before_action :cors_preflight_check
after_action :cors_headers
respond_to :json
......
module Cors
extend ActiveSupport::Concern
def cors_preflight_check
if request.method == 'OPTIONS'
cors_headers
headers['Access-Control-Allow-Headers'] = request.headers['Access-Control-Request-Headers'] || ''
render_200
end
end
# For all responses in this controller, return the CORS access control headers.
def cors_headers
headers['Access-Control-Allow-Origin'] = '*'
headers['Access-Control-Allow-Methods'] = 'DELETE, GET, HEAD, PATCH, PUT, POST, OPTIONS'
headers['Access-Control-Max-Age'] = '1728000'
end
end
\ No newline at end of file
class PensieveController < ApplicationController
include Cors
skip_before_action :verify_authenticity_token
before_action :cors_preflight_check
before_action :authenticate
......@@ -42,20 +43,4 @@ class PensieveController < ApplicationController
head 401, content_type: 'application/json'
end
end
def cors_preflight_check
if request.method == 'OPTIONS'
cors_headers
headers['Access-Control-Allow-Headers'] = request.headers['Access-Control-Request-Headers'] || ''
render_200
end
end
# For all responses in this controller, return the CORS access control headers.
def cors_headers
headers['Access-Control-Allow-Origin'] = '*'
headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'
headers['Access-Control-Max-Age'] = '1728000'
end
end
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment