From 7a1bc205aae923a520498544d3fb60f8a61be85a Mon Sep 17 00:00:00 2001 From: Bill Dueber Date: Mon, 23 Sep 2024 14:07:38 -0400 Subject: [PATCH 1/2] Forget rack-cors and just set config.action_controller.forgery_protection_origin_check = false --- Gemfile | 2 -- config/application.rb | 4 ++++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/Gemfile b/Gemfile index 39bf724..cdd2be7 100644 --- a/Gemfile +++ b/Gemfile @@ -21,8 +21,6 @@ gem "aws-sdk-s3", "~> 1.160" gem "content_disposition", "~> 1.0" gem "uppy-s3_multipart", "~> 1.2" -# CORS -gem 'rack-cors' ##################################### # Try to work around brokenness on diff --git a/config/application.rb b/config/application.rb index 82f5a2b..5c5a46b 100644 --- a/config/application.rb +++ b/config/application.rb @@ -23,6 +23,10 @@ module Dromedary class Application < Rails::Application + # CORS with rails running not-at-the-root turns out to be mostly broken. + # So we do this, which stinks. + config.action_controller.forgery_protection_origin_check = false + config.time_zone = 'Eastern Time (US & Canada)' # Initialize configuration defaults for originally generated Rails version. From 6785397178cee5e257de3570d8ba679a24eed5c6 Mon Sep 17 00:00:00 2001 From: Bill Dueber Date: Mon, 23 Sep 2024 14:18:22 -0400 Subject: [PATCH 2/2] Removed the CORS initializer --- config/initializers/cors.rb | 7 ------- 1 file changed, 7 deletions(-) delete mode 100644 config/initializers/cors.rb diff --git a/config/initializers/cors.rb b/config/initializers/cors.rb deleted file mode 100644 index 66747e6..0000000 --- a/config/initializers/cors.rb +++ /dev/null @@ -1,7 +0,0 @@ - -Rails.application.config.middleware.insert_before 0, Rack::Cors do - allow do - origins "*" - resource '*', headers: :any, methods: [:get, :post] - end -end \ No newline at end of file