/
_application_controller.rb
55 lines (43 loc) · 1.43 KB
/
_application_controller.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
class ApplicationController < ActionController::API
include ActionController::ImplicitRender
acts_as_token_authentication_handler_for User, fallback_to_devise: false
before_action :authenticate_api_user!
respond_to :json
def auth_preflight
head 200
end
### CORS Headers
# before_action :set_origin
# before_action :set_headers
# def cors_preflight_check
# if request.method == :options
# headers['Access-Control-Allow-Origin'] = '*'
# headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, PATCH, DELETE, OPTIONS'
# headers['Access-Control-Allow-Headers'] = 'Content-Type'
# render text: '', content_type: 'text/plain'
# end
# end
private
# def set_origin
# @origin = request.headers['HTTP_ORIGIN']
# end
#
# def set_headers
#
# if @origin
# allowed = ['lvh.me:3500', 'localhost:3500', 'your.domain.com']
# allowed.each do |host|
# if @origin.match /^https?:\/\/#{Regexp.escape(host)}/i
# headers['Access-Control-Allow-Origin'] = @origin
# break
# end
# end
# # or '*' for public access
# # headers['Access-Control-Allow-Origin'] = '*'
# headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, PATCH, DELETE'
# headers['Access-Control-Request-Method'] = '*'
# headers['Access-Control-Allow-Headers'] = 'Content-Type'
# end
#
# end
end