Merge remote-tracking branch 'knewter/feature/allow_api_access'

fatfreecrm · Dec 5, 2016 · 0207fd7 · 0207fd7
2 parents ea0ac63 + c9c4a65
commit 0207fd7
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 0 deletions.
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -8,8 +8,10 @@ class ApplicationController < ActionController::Base
 
   before_action :set_context
   before_action :clear_setting_cache
+  before_action :cors_preflight_check
   before_action "hook(:app_before_filter, self)"
   after_action "hook(:app_after_filter,  self)"
+  after_action :cors_set_access_control_headers
 
   helper_method :current_user_session, :current_user, :can_signup?
   helper_method :called_from_index_page?, :called_from_landing_page?
@@ -253,4 +255,22 @@ def redirection_url
             login_url
     end
   end
+
+  def cors_set_access_control_headers
+    headers['Access-Control-Allow-Origin'] = '*'
+    headers['Access-Control-Allow-Methods'] = 'POST, GET, PUT, DELETE, OPTIONS'
+    headers['Access-Control-Allow-Headers'] = 'Origin, Content-Type, Accept, Authorization, Token'
+    headers['Access-Control-Max-Age'] = "1728000"
+  end
+
+  def cors_preflight_check
+    if request.method == 'OPTIONS'
+      headers['Access-Control-Allow-Origin'] = '*'
+      headers['Access-Control-Allow-Methods'] = 'POST, GET, PUT, DELETE, OPTIONS'
+      headers['Access-Control-Allow-Headers'] = 'X-Requested-With, X-Prototype-Version, Token'
+      headers['Access-Control-Max-Age'] = '1728000'
+
+      render :text => '', :content_type => 'text/plain'
+    end
+  end
 end
diff --git a/app/models/users/authentication.rb b/app/models/users/authentication.rb
@@ -6,6 +6,7 @@
 class Authentication < Authlogic::Session::Base # NOTE: This is not ActiveRecord model.
   authenticate_with User
   after_save :check_if_suspended
+  single_access_allowed_request_types :any
 
   def to_key
     id ? id : nil