diff --git a/Gemfile b/Gemfile
index e7f29b3fd..37cabc2fb 100644
--- a/Gemfile
+++ b/Gemfile
@@ -8,6 +8,10 @@ gem 'whenever'
 gem 'thin', '~> 1.3.1', :require => false
+# cross-origin resource sharing
+
+gem 'rack-cors', '~> 0.2.4', :require => 'rack/cors'
+
 # authentication
 gem 'devise', '~> 1.3.1'
diff --git a/Gemfile.lock b/Gemfile.lock
index 1faad6b79..cd6de730d 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -300,6 +300,8 @@ GEM
 polyglot (0.3.3)
 proxies (0.2.1)
 rack (1.2.5)
+ rack-cors (0.2.4)
+ rack
 rack-fiber_pool (0.9.2)
 rack-google-analytics (0.10.0)
 rack-mobile-detect (0.3.0)
@@ -496,6 +498,7 @@ DEPENDENCIES
 omniauth-twitter
 parallel_tests
 pg
+ rack-cors (~> 0.2.4)
 rack-google-analytics
 rack-piwik
 rack-rewrite (~> 1.2.1)
diff --git a/app/controllers/publics_controller.rb b/app/controllers/publics_controller.rb
index 3906d3f30..b83009545 100644
--- a/app/controllers/publics_controller.rb
+++ b/app/controllers/publics_controller.rb
@@ -12,12 +12,11 @@ class PublicsController < ApplicationController
 # We use newrelic_ignore to prevent artifical RPM bloat; however,
 # I am commenting this line out for the time being to debug some apparent
 # issues on Heroku.
- #
+ #
 # newrelic_ignore if EnviromentConfiguration.using_new_relic?
 skip_before_filter :set_header_data
 skip_before_filter :set_grammatical_gender
- before_filter :allow_cross_origin, :only => [:hcard, :host_meta, :webfinger]
 before_filter :check_for_xml, :only => [:receive, :receive_public]
 before_filter :authenticate_user!, :only => [:index]
@@ -82,12 +81,6 @@ class PublicsController < ApplicationController
 end
- def allow_cross_origin
- headers["Access-Control-Allow-Origin"] = "*"
- end
-
-
-
 private
 def check_for_xml
diff --git a/config/initializers/cors.rb b/config/initializers/cors.rb
new file mode 100644
index 000000000..68e071e7c
--- /dev/null
+++ b/config/initializers/cors.rb
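Review bot: In the Gemfile hunk, `gem 'rack-cors', '~> 0.2.4'` moves the site's cross-origin policy into third-party middleware, but the `# cross-origin resource sharing` comment does not say where that policy is configured. I would extend it to something like `# cross-origin resource sharing (policy: config/initializers/cors.rb; security-relevant, review the changelog before bumping)`. The `~>` constraint keeps Bundler on the 0.2.x series, so fixes shipped in later series need a deliberate constraint change rather than a routine `bundle update`.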
@@ -0,0 +1,7 @@
+Rails.application.config.middleware.insert 0, Rack::Cors do
+ allow do
+ origins '*'
+ resource '/.well-known/host-meta'
+ resource '/webfinger'
+ end
+end
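Review bot: The `allow` block in config/initializers/cors.rb lists only `/.well-known/host-meta` and `/webfinger`, while the `before_filter` removed from `PublicsController` also covered `:hcard`, so hcard responses appear to lose their `Access-Control-Allow-Origin` header with this commit. If that is not intended, add a `resource` line for the hcard route (its path is not visible on this page). Both `resource` calls also rely on the gem's defaults; I would spell them out, e.g. `resource '/webfinger', :methods => [:get], :credentials => false`, because older rack-cors releases, as far as I recall, enable credentials by default, which would be a looser policy than the bare `*` header the controller used to send. That default should be confirmed against 0.2.4. A one-line comment above `origins '*'` stating that these are public, unauthenticated discovery documents would record why a wildcard origin is acceptable for these two paths and should not be copied to others.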