f2922c943c
Remove partial support for CORS on webfinger routes and replace it with the Rack::Cors middleware. This provides more complete CORS support and works around a caching issue with nginx on Heroku and potentially other reverse proxies. CORS headers are only added if the incoming request includes an "Origin" header, which seems to be correct according to the CORS spec. closes #2216
7 lines
161 B
Ruby
7 lines
161 B
Ruby
Rails.application.config.middleware.insert 0, Rack::Cors do
|
|
allow do
|
|
origins '*'
|
|
resource '/.well-known/host-meta'
|
|
resource '/webfinger'
|
|
end
|
|
end
|