Add CORS support to OIDC

app/controllers/api/v0/base_controller.rb

@@ -3,6 +3,8 @@ module Api
     class BaseController < ApplicationController
       include Api::OpenidConnect::ProtectedResourceEndpoint
 
+      protected
+
       def current_user
         current_token ? current_token.authorization.user : nil
       end

config/initializers/cors.rb

@@ -1,7 +1,11 @@
 Rails.application.config.middleware.insert 0, Rack::Cors do
   allow do
-    origins '*'
+    origins "*"
-    resource '/.well-known/host-meta'
+    resource "/.well-known/host-meta"
-    resource '/webfinger'
+    resource "/webfinger"
+    resource "/.well-known/webfinger"
+    resource "/.well-known/openid-configuration"
+    resource "/api/openid_connect/user_info", methods: :get
+    resource "/api/v0/*", methods: %i(get post delete)
   end
 end