• Steven Hancock's avatar
    Cross-Origin Resource Sharing · f2922c94
    Steven Hancock authored
    Remove partial support for CORS on webfinger routes and replace
    it with the Rack::Cors middleware. This provides more complete
    CORS support and works around a caching issue with nginx on
    Heroku and potentially other reverse proxies.
    CORS headers are only added if the incoming request includes
    an "Origin" header, which seems to be correct according to
    the CORS spec.
    closes #2216
cors.rb 161 Bytes