Use same CORS policy for /@:username and /users/:username (#9485)
Fixes #8189 rack-cors being called before the application router, it does not follow the redirection, and we need a separate rule for /users/:username.
This commit is contained in:
parent
ed24bb2c3e
commit
3f12c07ff5
@ -17,6 +17,10 @@ Rails.application.config.middleware.insert_before 0, Rack::Cors do
|
|||||||
headers: :any,
|
headers: :any,
|
||||||
methods: [:get],
|
methods: [:get],
|
||||||
credentials: false
|
credentials: false
|
||||||
|
resource '/users/:username',
|
||||||
|
headers: :any,
|
||||||
|
methods: [:get],
|
||||||
|
credentials: false
|
||||||
resource '/api/*',
|
resource '/api/*',
|
||||||
headers: :any,
|
headers: :any,
|
||||||
methods: [:post, :put, :delete, :get, :patch, :options],
|
methods: [:post, :put, :delete, :get, :patch, :options],
|
||||||
|
Loading…
Reference in New Issue
Block a user