From e56dcb59c08cf8801be996513c1f8dd6124cb320 Mon Sep 17 00:00:00 2001
From: Pete Matsyburka <pete.matsy@gmail.com>
Date: Sun, 10 Mar 2024 15:54:44 +0200
Subject: [PATCH] add cors headers on API error

---
 app/controllers/errors_controller.rb | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/app/controllers/errors_controller.rb b/app/controllers/errors_controller.rb
index 8d422205..b3619b70 100644
--- a/app/controllers/errors_controller.rb
+++ b/app/controllers/errors_controller.rb
@@ -22,6 +22,8 @@ class ErrorsController < ActionController::Base
 
     respond_to do |f|
       f.json do
+        set_cors_headers
+
         render json: { status: error_status_code }, status: error_status_code
       end
 
@@ -31,6 +33,14 @@ class ErrorsController < ActionController::Base
 
   private
 
+  def set_cors_headers
+    headers['Access-Control-Allow-Origin'] = '*'
+    headers['Access-Control-Allow-Methods'] = 'POST, GET, PUT, PATCH, DELETE, OPTIONS'
+    headers['Access-Control-Allow-Headers'] = '*'
+    headers['Access-Control-Max-Age'] = '1728000'
+    headers['Access-Control-Allow-Credentials'] = true
+  end
+
   def error_status_code
     @error_status_code ||=
       ActionDispatch::ExceptionWrapper.new(request.env,