Add CORS headers

app/controllers/riiif/images_controller.rb

@@ -19,11 +19,16 @@ def show
         end
       end
       data = image.render(params.permit(:region, :size, :rotation, :quality, :format))
-      send_data data, status: status, type: Mime::Type.lookup_by_extension(params[:format]), :disposition => 'inline'
+      headers['Access-Control-Allow-Origin'] = '*'
+      send_data data,
+                status: status,
+                type: Mime::Type.lookup_by_extension(params[:format]),
+                disposition: 'inline'
     end
 
     def info
       image = model.new(image_id)
+      headers['Access-Control-Allow-Origin'] = '*'
       render json: image.info.merge(server_info), content_type: 'application/ld+json'
     end
 

spec/controllers/images_controller_spec.rb

@@ -12,11 +12,12 @@
       expect(image).to receive(:render).with("region" => 'full', "size" => 'full',
                                 "rotation" => '0', "quality" => 'default',
                                 "format" => 'jpg').and_return("IMAGEDATA")
-      get :show, id: 'abcd1234', action: "show", region: 'full', size: 'full', 
+      get :show, id: 'abcd1234', action: "show", region: 'full', size: 'full',
                  rotation: '0', quality: 'default', format: 'jpg'
       expect(response).to be_successful
       expect(response.body).to eq 'IMAGEDATA'
       expect(response.headers['Link']).to eq '<http://library.stanford.edu/iiif/image-api/1.1/compliance.html#level2>;rel="profile"'
+      expect(response.headers['Access-Control-Allow-Origin']).to eq '*'
     end
 
     context "with a invalid region" do
@@ -103,5 +104,6 @@
       "profile" =>  "http://library.stanford.edu/iiif/image-api/1.1/compliance.html#level2"
     expect(response.headers['Link']).to eq '<http://library.stanford.edu/iiif/image-api/1.1/compliance.html#level2>;rel="profile"'
     expect(response.headers['Content-Type']).to eq 'application/ld+json; charset=utf-8'
+    expect(response.headers['Access-Control-Allow-Origin']).to eq '*'
   end
 end