FIX: cors setting was broken

Some days I wonder why we bother taking a whole gem dependency when 10 lines of code does the job right
2025-02-25 18:55:32 -06:00 · 2014-07-23 17:03:52 +10:00
parent 1b733ff936
commit 46c406360d
3 changed files with 19 additions and 10 deletions
--- a/config/initializers/08-rack-cors.rb
+++ b/config/initializers/08-rack-cors.rb
@@ -1,10 +1,23 @@
-if GlobalSetting.enable_cors
-  require 'rack/cors'
+if GlobalSetting.enable_cors && GlobalSetting.cors_origin.present?

-  Rails.configuration.middleware.use Rack::Cors do
-    allow do
-      origins GlobalSetting.cors_origin.split(',').map(&:strip)
-      resource '*', headers: :any, methods: [:get, :post, :options]
+  class Discourse::Cors
+    def initialize(app, options = nil)
+      @app = app
+      @origins = GlobalSetting.cors_origin.split(',').map(&:strip)
+    end
+
+    def call(env)
+      status, headers, body = @app.call(env)
+      origin = nil
+
+      if origin = env['HTTP_ORIGIN']
+        origin = nil unless @origins.include? origin
+      end
+
+      headers['Access-Control-Allow-Origin'] = origin || @origins[0]
+      [status,headers,body]
    end
  end
+
+  Rails.configuration.middleware.insert 0, Discourse::Cors
 end