From 090525bbf7b9a65c523acd8aae0b79cb388feddd Mon Sep 17 00:00:00 2001 From: Bennett Foster Date: Thu, 18 Mar 2021 15:28:57 -0400 Subject: [PATCH] revert --- .../api/v1/registrations_controller.rb | 4 ++++ .../concerns/application_controller.rb | 2 ++ config/application.rb | 2 +- .../application_controller_renderer.rb | 23 +++++++++++++++++++ config/initializers/cors.rb | 2 +- config/routes.rb | 3 ++- 6 files changed, 33 insertions(+), 3 deletions(-) diff --git a/app/controllers/api/v1/registrations_controller.rb b/app/controllers/api/v1/registrations_controller.rb index 0c3a6b2..2356a14 100644 --- a/app/controllers/api/v1/registrations_controller.rb +++ b/app/controllers/api/v1/registrations_controller.rb @@ -1,5 +1,9 @@ module Api::V1 class RegistrationsController < ApplicationController + skip_before_action :verify_authenticity_token + before_filter :add_cors_headers + + def create user = User.create!( first_name: params['first_name'], diff --git a/app/controllers/concerns/application_controller.rb b/app/controllers/concerns/application_controller.rb index 59368ca..9aa95e0 100644 --- a/app/controllers/concerns/application_controller.rb +++ b/app/controllers/concerns/application_controller.rb @@ -5,6 +5,8 @@ class ApplicationController < ActionController::Base after_action :short_session + Rails.application.config.action_controller.forgery_protection_origin_check = false + def short_session request.session_options = request.session_options.dup request.session_options[:expire_after] = 14.days diff --git a/config/application.rb b/config/application.rb index 2a67baa..38186a8 100644 --- a/config/application.rb +++ b/config/application.rb 
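Review bot: `skip_before_action :verify_authenticity_token` at the top of `RegistrationsController` turns off CSRF verification for account creation, while this same patch sends `Access-Control-Allow-Credentials: true` and widens the allowed origins, so any session-cookie request to this endpoint is left without a forgery check. If the client is meant to authenticate with a token rather than the session cookie, `protect_from_forgery with: :null_session` keeps a forged request from running with the user's session. The next added line, `before_filter :add_cors_headers`, uses an alias that Rails removed in 5.1 (`before_action` replaces it), and the same call appears in the initializer hunk, where `add_cors_headers` is defined at top level rather than on a controller. The class body continues outside the hunk, so please confirm the controller still loads on the Rails version in use.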
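Review bot: The added `Rails.application.config.action_controller.forgery_protection_origin_check = false` sits in the body of `ApplicationController`, so it runs as a side effect of loading the class and targets a process-wide setting rather than anything scoped to this controller. It switches off the comparison of the `Origin` header with the request's own host, an extra CSRF defence, at the same time as the token check is skipped in `RegistrationsController`. I would drop the line; if the setting is really required it belongs in `config/application.rb` or an environment file, with a comment such as `# Origin check disabled because <reason>; CSRF now relies on the authenticity token alone`. By the time a controller class is loaded the framework has probably already applied this config, so the line may not even have the intended effect.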
@@ -41,7 +41,7 @@ class Application < Rails::Application config.middleware.insert_before 0, Rack::Cors do allow do - origins 'https://winnow-client.herokuapp.com' + origins 'https://winnow-client.herokuapp.com', 'http://winnow-client.herokuapp.com' resource '*', :headers => :any, :methods => [:get, :post, :put, :delete, :options] end end diff --git a/config/initializers/application_controller_renderer.rb b/config/initializers/application_controller_renderer.rb index 89d2efa..329befe 100644 --- a/config/initializers/application_controller_renderer.rb +++ b/config/initializers/application_controller_renderer.rb @@ -6,3 +6,26 @@ # https: false # ) # end + +before_filter :add_cors_headers + +def add_cors_headers + origin = request.headers["Origin"] + unless (not origin.nil?) and (origin == "http://localhost" or origin.starts_with? "http://localhost:") + origin = "https://winnow-client.herokuapp.com" + end + headers['Access-Control-Allow-Origin'] = origin + headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS, PUT, DELETE' + allow_headers = request.headers["Access-Control-Request-Headers"] + if allow_headers.nil? + #shouldn't happen, but better be safe + allow_headers = 'Origin, Authorization, Accept, Content-Type' + end + headers['Access-Control-Allow-Headers'] = allow_headers + headers['Access-Control-Allow-Credentials'] = 'true' + headers['Access-Control-Max-Age'] = '1728000' +end + +def empty + render :nothing => true +end \ No newline at end of file diff --git a/config/initializers/cors.rb b/config/initializers/cors.rb index 64e40c7..0f32dd7 100644 --- a/config/initializers/cors.rb +++ b/config/initializers/cors.rb @@ -7,7 +7,7 @@ Rails.application.config.middleware.insert_before 0, Rack::Cors do allow do - origins 'https://winnow-client.herokuapp.com' + origins '*', 'https://winnow-client.herokuapp.com', 'http://winnow-client.herokuapp.com' resource '*', headers: :any, diff --git a/config/routes.rb b/config/routes.rb index 95dbc6e..a337070 100644 
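Review bot: Adding `'http://winnow-client.herokuapp.com'` to `origins` lets pages loaded over cleartext HTTP call this API cross-origin, and such a page can be altered by anyone on the network path, so the allow-list now trusts content the client app cannot vouch for. The same origin is also added in `config/initializers/cors.rb` later in this patch. I would keep only the `https://` origin and have the client redirect HTTP to HTTPS. Both this file and `cors.rb` insert `Rack::Cors` at position 0, so the policy should live in one place with a comment like `# Single source of truth for CORS; only the production client origin is allowed`.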
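Review bot: `add_cors_headers` copies any `Origin` equal to `http://localhost` or starting with `http://localhost:` into `Access-Control-Allow-Origin` and also sends `Access-Control-Allow-Credentials: true`, in every environment, so a page served from any local port on a user's machine can make credentialed requests and read the responses. The block is placed at top level in an initializer, where `before_filter` is not defined, so it will most likely raise at boot, and `render :nothing => true` in `empty` was removed in Rails 5.1 (`head :ok` replaces it). Since `Rack::Cors` is already configured, I would delete this block rather than maintain a second, hand-written CORS implementation. If it stays, move it into `ApplicationController`, gate the localhost branch with `Rails.env.development?`, set `Vary: Origin` because the response now depends on the request's origin, and replace the reflected `Access-Control-Request-Headers` with the fixed list already used as the fallback.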
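Review bot: `origins '*'` in `cors.rb` makes the two named origins after it redundant and lets every website read responses from the matching resources. The rest of the `resource` options are outside the hunk; if `credentials: true` is set there, current rack-cors releases reject the wildcard combination at startup, and older releases (where credentials defaulted to on) are reported to answer with the caller's own origin, which is the worse outcome. I would remove `'*'` and keep `origins 'https://winnow-client.herokuapp.com'`, adding development origins only under `Rails.env.development?`.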
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -10,8 +10,9 @@
 resources :pages
 resources :quotes
 get 'pages/:book_id/:month/:day', to: 'pages#check'
-
+ match '*path', :controller => 'application', :action => 'empty', :constraints => {:method => "OPTIONS"}
 end
 end
+
 # For details on the DSL available within this file, see https://guides.rubyonrails.org/routing.html
 end
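Review bot: The added `match '*path', ...` route has no `via:` option, and I believe Rails 4 and later refuse to load a `match` route that does not name its HTTP verbs; the `:constraints => {:method => "OPTIONS"}` form is the Rails 3 idiom and does not satisfy that. If the route is kept it should read `match '*path', to: 'application#empty', via: :options`. It also appears to sit inside nested routing blocks whose opening lines are outside the hunk, so `'application'` may resolve under a namespace, and the `empty` action it points to is defined in an initializer rather than on a controller. Because `Rack::Cors` is inserted at position 0 and answers preflight requests itself, this catch-all is probably never reached and could be dropped.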