Skip to content

Commit

Permalink
FEATURE: Updated CORS config to explicitly specifyhttp methods
Browse files Browse the repository at this point in the history 
See: https://stackoverflow.com/questions/20478312/default-value-for-access-control-allow-methods 

In particular we now explicitly allow DELETE and PUT which is inconsistently allowed depending on browser
  • Loading branch information
@CheshireVillageSoftware @SamSaffron
CheshireVillageSoftware authored and SamSaffron committed Sep 17, 2018
1 parent 4f46aa1 commit f321488
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions config/initializers/008-rack-cors.rb
View file
Expand Up @@ -41,6 +41,7 @@ def self.apply_headers(cors_origins, env, headers)
headers['Access-Control-Allow-Origin'] = origin || cors_origins[0]
headers['Access-Control-Allow-Headers'] = 'Content-Type, X-Requested-With, X-CSRF-Token, Discourse-Visible, User-Api-Key, User-Api-Client-Id'
headers['Access-Control-Allow-Credentials'] = 'true'
headers['Access-Control-Allow-Methods'] = 'POST, PUT, GET, OPTIONS, DELETE'
end

headers
Expand Down

1 comment on commit f321488

@discoursebot
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This commit has been mentioned on Discourse Meta. There might be relevant details there:

https://meta.discourse.org/t/http-put-request-error/101604/3

Please sign in to comment.