nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Issue #8126 - Allow CORS on all API routes.

Browse source
This commit is contained in:
Dennis Schubert 2020-06-11 20:13:46 +02:00
parent 002d427f34
commit bcf5406f53
No known key found for this signature in database
GPG key ID: 5A0304BEA7966D7E
2 changed files with 22 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
config/initializers/cors.rb
View file

@ -10,8 +10,7 @@
Rails.application.config.middleware.insert_before 0, Rack::Cors do
allow do
origins "*"
resource "/api/openid_connect/user_info", methods: %i(get post)
resource "/api/v0/*", methods: %i(delete get post)
resource "/api/*", methods: :any
resource "/.well-known/host-meta"
resource "/.well-known/webfinger"
resource "/.well-known/openid-configuration"

21
spec/integration/application_spec.rb
View file

@ -51,4 +51,25 @@ describe ApplicationController, type: :request do
end
end
end
describe "cross-origin resource sharing" do
before do
@headers = {
origin: "https://example.com"
}
end
it "does set permissive headers for API requests" do
get "/api/openid_connect/user_info", headers: @headers
expect(response.headers["Access-Control-Allow-Origin"]).to eq("*")
allow_methods = response.headers["Access-Control-Allow-Methods"].split(",").map(&:strip)
expect(allow_methods).to include("GET", "HEAD", "POST", "PUT", "PATCH", "DELETE", "OPTIONS")
end
it "does allow CORS GET for the OpenID configuration" do
get "/.well-known/openid-configuration", headers: @headers
expect(response.headers["Access-Control-Allow-Origin"]).to eq("*")
expect(response.headers["Access-Control-Allow-Methods"]).to eq("GET")
end
end
end