From a89018db878f44f0a9a05ce3380047405cc722ed Mon Sep 17 00:00:00 2001
From: slainer68 <slainer68@gmail.com>
Date: Sun, 9 Feb 2014 23:11:52 -0800
Subject: [PATCH] Use GlobalSetting to enable CORS at application level

---
 config/discourse_defaults.conf      | 6 +++++-
 config/initializers/08-rack-cors.rb | 9 +++------
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/config/discourse_defaults.conf b/config/discourse_defaults.conf
index c7662b9ee53..ebaa77e5d6f 100644
--- a/config/discourse_defaults.conf
+++ b/config/discourse_defaults.conf
@@ -68,7 +68,7 @@ enable_mini_profiler = true
 # recommended, cdn used to access assets
 cdn_url =
 
-# comma delimited list of emails that have devloper level access
+# comma delimited list of emails that have developer level access
 developer_emails =
 
 # redis server address
@@ -82,3 +82,7 @@ redis_db = 0
 
 # redis password
 redis_password =
+
+# enable Cross-origin Resource Sharing (CORS) directly at the application level
+enable_cors = false
+cors_origin = '*'
diff --git a/config/initializers/08-rack-cors.rb b/config/initializers/08-rack-cors.rb
index cf66e1594f2..2d4c51a4781 100644
--- a/config/initializers/08-rack-cors.rb
+++ b/config/initializers/08-rack-cors.rb
@@ -1,13 +1,10 @@
-if Rails.configuration.respond_to?(:enable_rack_cors) && Rails.configuration.enable_rack_cors
+if GlobalSetting.enable_cors
   require 'rack/cors'
 
-  cors_origins  = Rails.configuration.respond_to?(:rack_cors_origins) ? Rails.configuration.rack_cors_origins : ['*']
-  cors_resource = Rails.configuration.respond_to?(:rack_cors_resource) ? Rails.configuration.rack_cors_resource : ['*', { headers: :any, methods: [:get, :post, :options] }]
-
   Rails.configuration.middleware.use Rack::Cors do
     allow do
-      origins *cors_origins
-      resource *cors_resource
+      origins GlobalSetting.cors_origin
+      resource '*', headers: :any, methods: [:get, :post, :options]
     end
   end
 end