Use same CORS policy for /@:username and /users/:username (mastodon#9485

) Fixes mastodon#8189 rack-cors being called before the application router, it does not follow the redirection, and we need a separate rule for /users/:username.
ProjectMyosotis · Oct 2, 2019 · 2c4a319 · 2c4a319
1 parent 26e632a
commit 2c4a319
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/config/initializers/cors.rb b/config/initializers/cors.rb
@@ -17,6 +17,10 @@
       headers: :any,
       methods: [:get],
       credentials: false
+    resource '/users/:username',
+      headers: :any,
+      methods: [:get],
+      credentials: false
     resource '/api/*',
       headers: :any,
       methods: [:post, :put, :delete, :get, :patch, :options],