Merge pull request #3467 from boushley/enable-cors-logout

Enable CORS requests to pass necessary headers.
2025-01-18 18:02:46 +08:00 · 2015-05-14 13:21:05 -04:00 · 2015-05-14 13:21:05 -04:00 · 2e85a817b2
commit 2e85a817b2
parent f1b9a389d9 60aa52b753
1 changed files with 2 additions and 1 deletions
--- a/config/initializers/08-rack-cors.rb
+++ b/config/initializers/08-rack-cors.rb
@ -29,7 +29,8 @@ if GlobalSetting.enable_cors
        end

        headers['Access-Control-Allow-Origin'] = origin || cors_origins[0]
-        headers['Access-Control-Allow-Credentials'] = "true"
+        headers['Access-Control-Allow-Headers'] = 'X-Requested-With, X-CSRF-Token'
+        headers['Access-Control-Allow-Credentials'] = 'true'
      end

      headers