sets_headers.rb 1.6 KB

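  # Controller concern that emits CORS headers, but only for requests whose
  # @_auth_type is 'token_auth' or 'basic_auth'.
  #
  # Security notes for maintainers:
  # - Access-Control-Allow-Origin is the wildcard '*', so a script on any origin
  #   may read these responses. Browsers do not honour '*' for credentialed
  #   requests, and this module sets no Access-Control-Allow-Credentials header,
  #   so ambient cookies are not exposed through this policy as written.
  #   Replacing '*' with a reflected Origin, or adding Allow-Credentials, would
  #   change that and needs a separate review.
  # - NOTE(review): 'Authorization' is not in Access-Control-Allow-Headers, so a
  #   cross-origin browser script cannot send that header. Confirm this is
  #   intended for token/basic auth clients.
  # - NOTE(review): where @_auth_type is assigned is not visible here. Browsers
  #   send preflight OPTIONS requests without credentials, so if @_auth_type is
  #   derived from request credentials the preflight branch may never run.
  #   Verify callback order and the assignment site.
  module ApplicationController::SetsHeaders
    extend ActiveSupport::Concern

    included do
      before_action :cors_preflight_check
      after_action :set_access_control_headers
    end

    private

    # Whether the current request uses one of the auth types that get CORS headers.
    #
    # @return [Boolean]
    def cors_auth_type?
      %w[token_auth basic_auth].include?(@_auth_type)
    end

    # after_action: adds the CORS access control headers to the response when
    # the request was authenticated via token or basic auth.
    #
    # @return [String, nil] nil when the auth type does not qualify
    def set_access_control_headers
      return unless cors_auth_type?

      set_access_control_headers_execute
    end

    # Writes the CORS policy to the response headers. This is the only place
    # the policy is defined, so the preflight and regular responses cannot drift.
    #
    # @return [String] the Access-Control-Allow-Headers value (last assignment)
    def set_access_control_headers_execute
      headers['Access-Control-Allow-Origin'] = '*'
      headers['Access-Control-Allow-Methods'] = 'POST, GET, PUT, DELETE, PATCH, OPTIONS'
      # 1728000 seconds = 20 days of preflight caching requested from the client.
      headers['Access-Control-Max-Age'] = '1728000'
      headers['Access-Control-Allow-Headers'] = 'Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control, Accept-Language'
    end

    # before_action: handles CORS preflight requests for token/basic auth.
    #
    # @return [Boolean] true when nothing was rendered, false after a
    #   preflight response was rendered
    def cors_preflight_check
      return true unless cors_auth_type?

      cors_preflight_check_execute
    end

    # If this is a preflight OPTIONS request, short-circuit it: set the CORS
    # headers and render an empty text/plain body.
    #
    # The headers are set here because this method renders from a before_action,
    # so the after_action above cannot be relied on for the preflight response.
    #
    # @return [Boolean] true for non-OPTIONS requests, false after rendering
    def cors_preflight_check_execute
      return true if request.method != 'OPTIONS'

      set_access_control_headers_execute
      # NOTE(review): `render text:` was removed in Rails 5.1 in favour of
      # `render plain:`. Left unchanged because the Rails version is not
      # visible from this file.
      render text: '', content_type: 'text/plain'
      false
    end
  end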