revert

bennfos · Mar 18, 2021 · 090525b · 090525b
1 parent 30e5ca1
commit 090525b
Show file tree

Hide file tree

Showing 6 changed files with 33 additions and 3 deletions.
diff --git a/app/controllers/api/v1/registrations_controller.rb b/app/controllers/api/v1/registrations_controller.rb
@@ -1,5 +1,9 @@
 module Api::V1
   class RegistrationsController < ApplicationController
+    skip_before_action :verify_authenticity_token
+    before_filter :add_cors_headers
+
+
     def create
       user = User.create!(
         first_name: params['first_name'],

diff --git a/app/controllers/concerns/application_controller.rb b/app/controllers/concerns/application_controller.rb
@@ -5,6 +5,8 @@ class ApplicationController < ActionController::Base
 
   after_action :short_session
 
+  Rails.application.config.action_controller.forgery_protection_origin_check = false
+
   def short_session
     request.session_options = request.session_options.dup
     request.session_options[:expire_after] = 14.days

diff --git a/config/application.rb b/config/application.rb
@@ -41,7 +41,7 @@ class Application < Rails::Application
 
     config.middleware.insert_before 0, Rack::Cors do
       allow do
-        origins 'https://winnow-client.herokuapp.com'
+        origins 'https://winnow-client.herokuapp.com', 'http://winnow-client.herokuapp.com'
         resource '*', :headers => :any, :methods => [:get, :post, :put, :delete, :options]
       end
     end

diff --git a/config/initializers/application_controller_renderer.rb b/config/initializers/application_controller_renderer.rb
@@ -6,3 +6,26 @@
 #     https: false
 #   )
 # end
+
+before_filter :add_cors_headers
+
+def add_cors_headers
+  origin = request.headers["Origin"]
+  unless (not origin.nil?) and (origin == "http://localhost" or origin.starts_with? "http://localhost:")
+    origin = "https://winnow-client.herokuapp.com"
+  end
+  headers['Access-Control-Allow-Origin'] = origin
+  headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS, PUT, DELETE'
+  allow_headers = request.headers["Access-Control-Request-Headers"]
+  if allow_headers.nil?
+    #shouldn't happen, but better be safe
+    allow_headers = 'Origin, Authorization, Accept, Content-Type'
+  end
+  headers['Access-Control-Allow-Headers'] = allow_headers
+  headers['Access-Control-Allow-Credentials'] = 'true'
+  headers['Access-Control-Max-Age'] = '1728000'
+end
+
+def empty
+  render :nothing => true
+end
diff --git a/config/initializers/cors.rb b/config/initializers/cors.rb
@@ -7,7 +7,7 @@
 
 Rails.application.config.middleware.insert_before 0, Rack::Cors do
   allow do
-    origins 'https://winnow-client.herokuapp.com'
+    origins '*', 'https://winnow-client.herokuapp.com', 'http://winnow-client.herokuapp.com'
 
     resource '*',
       headers: :any,

diff --git a/config/routes.rb b/config/routes.rb
@@ -10,8 +10,9 @@
       resources :pages
       resources :quotes
       get 'pages/:book_id/:month/:day', to: 'pages#check'
-
+      match '*path', :controller => 'application', :action => 'empty', :constraints => {:method => "OPTIONS"}
     end
   end
+
   # For details on the DSL available within this file, see https://guides.rubyonrails.org/routing.html
 end