discourse/config/initializers/08-rack-cors.rb
2014-07-30 02:36:30 +05:30

25 lines
642 B
Ruby

if GlobalSetting.enable_cors && GlobalSetting.cors_origin.present?
class Discourse::Cors
def initialize(app, options = nil)
@app = app
@origins = GlobalSetting.cors_origin.split(',').map(&:strip)
end
def call(env)
status, headers, body = @app.call(env)
origin = nil
if origin = env['HTTP_ORIGIN']
origin = nil unless @origins.include? origin
end
headers['Access-Control-Allow-Origin'] = origin || @origins[0]
headers['Access-Control-Allow-Credentials'] = "true"
[status,headers,body]
end
end
Rails.configuration.middleware.insert 0, Discourse::Cors
end