add cors headers

2 years ago · aa3bd24332
parent 250889623d
commit aa3bd24332
2 changed files with 10 additions and 0 deletions
--- a/app/controllers/api/active_storage_blobs_proxy_controller.rb
+++ b/app/controllers/api/active_storage_blobs_proxy_controller.rb
@ -7,6 +7,8 @@ module Api
    skip_before_action :authenticate_user!
    skip_authorization_check

+    before_action :set_cors_headers
+
    def show
      blob_uuid, = ApplicationRecord.signed_id_verifier.verified(params[:signed_uuid])

--- a/app/controllers/api/api_base_controller.rb
+++ b/app/controllers/api/api_base_controller.rb
@ -59,5 +59,13 @@ module Api
    def current_account
      current_user&.account
    end
+
+    def set_cors_headers
+      headers['Access-Control-Allow-Origin'] = '*'
+      headers['Access-Control-Allow-Methods'] = 'POST, GET, PUT, PATCH, DELETE, OPTIONS'
+      headers['Access-Control-Allow-Headers'] = '*'
+      headers['Access-Control-Max-Age'] = '1728000'
+      headers['Access-Control-Allow-Credentials'] = true
+    end
  end
 end