Implements support for rack-cors for API JavaScript access in end-user browser

This commit is contained in:
slainer68 2013-04-22 11:16:58 +02:00
parent f980b4d16e
commit 467c76b2c0
4 changed files with 25 additions and 0 deletions

View file

@ -127,6 +127,8 @@ gem 'rack-mini-profiler', require: false # require: false #, git: 'git://github
gem 'redis-rack-cache', require: false
gem 'rack-cache', require: false
gem 'rack-cors', require: false
# perftools only works on 1.9 atm
group :profile do
# travis refuses to install this, instead of fuffing, just avoid it for now

View file

@ -331,6 +331,8 @@ GEM
rack (1.4.5)
rack-cache (1.2)
rack (>= 0.4)
rack-cors (0.2.7)
rack
rack-mini-profiler (0.1.26)
rack (>= 1.1.3)
rack-openid (1.3.1)
@ -526,6 +528,7 @@ DEPENDENCIES
pg
pry-rails
rack-cache
rack-cors
rack-mini-profiler
rails
rails_multisite!

View file

@ -55,6 +55,13 @@ Discourse::Application.configure do
# allows admins to use mini profiler
config.enable_mini_profiler = true
# allows Cross-origin resource sharing (CORS) for API access in JavaScript (default to false for security).
# See the initializer and https://github.com/cyu/rack-cors for configuration documentation.
#
# config.enable_rack_cors = false
# config.rack_cors_origins = ['*']
# config.rack_cors_resource = ['*', { :headers => :any, :methods => [:get, :post, :options] }]
# Discourse strongly recommend you use a CDN.
# For origin pull cdns all you need to do is register an account and configure
# config.action_controller.asset_host = "http://YOUR_CDN_HERE"

View file

@ -0,0 +1,13 @@
if Rails.configuration.respond_to?(:enable_rack_cors) && Rails.configuration.enable_rack_cors
require 'rack/cors'
cors_origins = Rails.configuration.respond_to?(:rack_cors_origins) ? Rails.configuration.rack_cors_origins : ['*']
cors_resource = Rails.configuration.respond_to?(:rack_cors_resource) ? Rails.configuration.rack_cors_resource : ['*', { headers: :any, methods: [:get, :post, :options] }]
Rails.configuration.middleware.use Rack::Cors do
allow do
origins *cors_origins
resource *cors_resource
end
end
end