Merge pull request #1925 from slainer68/cors_config

Use GlobalSetting to enable CORS at application level
This commit is contained in:
Robin Ward 2014-02-11 15:46:48 -05:00
commit 4dc24c6a77
2 changed files with 8 additions and 7 deletions

View file

@ -68,7 +68,7 @@ enable_mini_profiler = true
# recommended, cdn used to access assets
cdn_url =
# comma delimited list of emails that have devloper level access
# comma delimited list of emails that have developer level access
developer_emails =
# redis server address
@ -82,3 +82,7 @@ redis_db = 0
# redis password
redis_password =
# enable Cross-origin Resource Sharing (CORS) directly at the application level
enable_cors = false
cors_origin = '*'

View file

@ -1,13 +1,10 @@
if Rails.configuration.respond_to?(:enable_rack_cors) && Rails.configuration.enable_rack_cors
if GlobalSetting.enable_cors
require 'rack/cors'
cors_origins = Rails.configuration.respond_to?(:rack_cors_origins) ? Rails.configuration.rack_cors_origins : ['*']
cors_resource = Rails.configuration.respond_to?(:rack_cors_resource) ? Rails.configuration.rack_cors_resource : ['*', { headers: :any, methods: [:get, :post, :options] }]
Rails.configuration.middleware.use Rack::Cors do
allow do
origins *cors_origins
resource *cors_resource
origins GlobalSetting.cors_origin
resource '*', headers: :any, methods: [:get, :post, :options]
end
end
end