Added a basic CORS options for api/*

This commit is contained in:
Tom Bloor 2017-04-25 19:47:50 +01:00
parent f3ec371388
commit 1cd92d1e12

View file

@ -112,6 +112,17 @@ sub startup {
my $api_public_get = $r->under('/api');
$api_public_get->get('/info/ages')->to('api-info#get_ages');
$api_public_get->options('*' => sub {
my $self = shift;
$self->res->headers->header('Access-Control-Allow-Origin'=> 'http://localhost:7000');
$self->res->headers->header('Access-Control-Allow-Credentials' => 'true');
$self->res->headers->header('Access-Control-Allow-Methods' => 'GET, OPTIONS, POST, DELETE, PUT');
$self->res->headers->header('Access-Control-Allow-Headers' => 'Content-Type, X-CSRF-Token');
$self->res->headers->header('Access-Control-Max-Age' => '1728000');
$self->respond_to(any => { data => '', status => 200 });
});
# Always available api routes
my $api_public = $r->under('/api')->to('api-auth#check_json');