discourse/discourse
1
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-03-09 14:34:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

FEATURE: Updated CORS config to explicitly specifyhttp methods

Browse Source 
See: https://stackoverflow.com/questions/20478312/default-value-for-access-control-allow-methods 

In particular we now explicitly allow DELETE and PUT which is inconsistently allowed depending on browser
This commit is contained in:
CheshireVillageSoftware 2018-09-16 18:01:08 -07:00 committed by Sam
parent 4f46aa1ba3
commit f3214889dc
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
config/initializers/008-rack-cors.rb
View File

@ -41,6 +41,7 @@ class Discourse::Cors
headers['Access-Control-Allow-Origin'] = origin || cors_origins[0]
headers['Access-Control-Allow-Headers'] = 'Content-Type, X-Requested-With, X-CSRF-Token, Discourse-Visible, User-Api-Key, User-Api-Client-Id'
headers['Access-Control-Allow-Credentials'] = 'true'
headers['Access-Control-Allow-Methods'] = 'POST, PUT, GET, OPTIONS, DELETE'
end
headers