2014-07-23 15:03:52 +08:00
|
|
|
if GlobalSetting.enable_cors && GlobalSetting.cors_origin.present?
|
2013-04-22 17:16:58 +08:00
|
|
|
|
2014-07-23 15:03:52 +08:00
|
|
|
class Discourse::Cors
|
|
|
|
def initialize(app, options = nil)
|
|
|
|
@app = app
|
|
|
|
@origins = GlobalSetting.cors_origin.split(',').map(&:strip)
|
|
|
|
end
|
|
|
|
|
|
|
|
def call(env)
|
|
|
|
status, headers, body = @app.call(env)
|
|
|
|
origin = nil
|
|
|
|
|
|
|
|
if origin = env['HTTP_ORIGIN']
|
|
|
|
origin = nil unless @origins.include? origin
|
|
|
|
end
|
|
|
|
|
|
|
|
headers['Access-Control-Allow-Origin'] = origin || @origins[0]
|
2014-07-30 00:41:59 +08:00
|
|
|
headers['Access-Control-Allow-Credentials'] = "true"
|
2014-07-23 15:03:52 +08:00
|
|
|
[status,headers,body]
|
2013-04-22 17:16:58 +08:00
|
|
|
end
|
|
|
|
end
|
2014-07-23 15:03:52 +08:00
|
|
|
|
|
|
|
Rails.configuration.middleware.insert 0, Discourse::Cors
|
2013-04-22 17:16:58 +08:00
|
|
|
end
|