From 7668e1641942b75bf1e33ad126a7bd386c730a09 Mon Sep 17 00:00:00 2001 From: Oleksii Kriuchykhin Date: Fri, 4 Sep 2020 11:47:45 +0200 Subject: [PATCH] Enable CORS for PWA [SCI-4979] --- Gemfile | 1 + Gemfile.lock | 3 +++ config/initializers/cors.rb | 28 +++++++++++++++++++--------- 3 files changed, 23 insertions(+), 9 deletions(-) diff --git a/Gemfile b/Gemfile index d3a99ea73..048738060 100644 --- a/Gemfile +++ b/Gemfile @@ -37,6 +37,7 @@ gem 'jsonapi-renderer', '~> 0.2.2' gem 'jwt', '~> 1.5' gem 'kaminari' gem 'rack-attack' +gem 'rack-cors' # JS datetime library, requirement of datetime picker gem 'momentjs-rails', '~> 2.17.1' diff --git a/Gemfile.lock b/Gemfile.lock index faf79f603..e37f96a75 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -411,6 +411,8 @@ GEM rack (2.2.3) rack-attack (6.1.0) rack (>= 1.0, < 3) + rack-cors (1.1.1) + rack (>= 2.0.0) rack-proxy (0.6.5) rack rack-test (1.1.0) @@ -668,6 +670,7 @@ DEPENDENCIES pry-rails puma rack-attack + rack-cors rails (~> 6.0.0) rails-controller-testing rails_12factor diff --git a/config/initializers/cors.rb b/config/initializers/cors.rb index 3b1c1b5ed..3b9603bfa 100644 --- a/config/initializers/cors.rb +++ b/config/initializers/cors.rb @@ -5,12 +5,22 @@ # Read more: https://github.com/cyu/rack-cors -# Rails.application.config.middleware.insert_before 0, Rack::Cors do -# allow do -# origins 'example.com' -# -# resource '*', -# headers: :any, -# methods: [:get, :post, :put, :patch, :delete, :options, :head] -# end -# end +if ENV['SCINOTE_PWA_DOMAIN_NAME'].present? + Rails.application.config.middleware.insert_before 0, Rack::Cors do + allow do + origins ENV['SCINOTE_PWA_DOMAIN_NAME'] + + resource '/oauth/token', + headers: :any, + methods: %i(post) + + resource '/rails/active_storage/*', + headers: :any, + methods: %i(get post options head) + + resource '/api/*', + headers: :any, + methods: %i(get post put patch delete options head) + end + end +end