codeninjasllc/discourse
1
0
Fork 0
mirror of https://github.com/codeninjasllc/discourse.git synced 2024-11-30 10:58:31 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Enable CORS requests to pass necessary headers.

Browse source 
To fully enable session deletion over CORS we need support for passing the
`X-Requested-With` header so that these requests can pass the `check-xhr` filter.

I also allowed the `X-CSRF-Token` to enable the alternative CSRF passing syntax.
This commit is contained in:
Aaron Boushley 2015-05-14 09:46:36 -07:00
parent 635b31af7b
commit 60aa52b753
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
config/initializers/08-rack-cors.rb
View file

@ -29,7 +29,8 @@ if GlobalSetting.enable_cors
end end
headers['Access-Control-Allow-Origin'] = origin || cors_origins[0] headers['Access-Control-Allow-Origin'] = origin || cors_origins[0]
headers['Access-Control-Allow-Credentials'] = "true" headers['Access-Control-Allow-Headers'] = 'X-Requested-With, X-CSRF-Token'
headers['Access-Control-Allow-Credentials'] = 'true'
end end
headers headers