Enable CORS for PWA [SCI-4979]

Gemfile

@@ -37,6 +37,7 @@ gem 'jsonapi-renderer', '~> 0.2.2'
 gem 'jwt', '~> 1.5'
 gem 'kaminari'
 gem 'rack-attack'
+gem 'rack-cors'
 
 # JS datetime library, requirement of datetime picker
 gem 'momentjs-rails', '~> 2.17.1'

Gemfile.lock

@@ -411,6 +411,8 @@ GEM
     rack (2.2.3)
     rack-attack (6.1.0)
       rack (>= 1.0, < 3)
+    rack-cors (1.1.1)
+      rack (>= 2.0.0)
     rack-proxy (0.6.5)
       rack
     rack-test (1.1.0)
@@ -668,6 +670,7 @@ DEPENDENCIES
   pry-rails
   puma
   rack-attack
+  rack-cors
   rails (~> 6.0.0)
   rails-controller-testing
   rails_12factor

config/initializers/cors.rb

@@ -5,12 +5,22 @@
 
 # Read more: https://github.com/cyu/rack-cors
 
-# Rails.application.config.middleware.insert_before 0, Rack::Cors do
-#   allow do
-#     origins 'example.com'
-#
-#     resource '*',
-#       headers: :any,
-#       methods: [:get, :post, :put, :patch, :delete, :options, :head]
-#   end
-# end
+if ENV['SCINOTE_PWA_DOMAIN_NAME'].present?
+  Rails.application.config.middleware.insert_before 0, Rack::Cors do
+    allow do
+      origins ENV['SCINOTE_PWA_DOMAIN_NAME']
+
+      resource '/oauth/token',
+               headers: :any,
+               methods: %i(post)
+
+      resource '/rails/active_storage/*',
+               headers: :any,
+               methods: %i(get post options head)
+
+      resource '/api/*',
+               headers: :any,
+               methods: %i(get post put patch delete options head)
+    end
+  end
+end