From 243cf9c08d9fcce911a94dacef7c1a4d04ce2d45 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A2u=20Cao?=
Date: Fri, 26 Jan 2024 11:01:45 +0300
Subject: [PATCH] Don't add CORS headers for Webfinger in production

The reverse proxy should handle it.
---
 app/controllers/webfinger_controller.rb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/app/controllers/webfinger_controller.rb b/app/controllers/webfinger_controller.rb
index be50ebd..02c40f9 100644
--- a/app/controllers/webfinger_controller.rb
+++ b/app/controllers/webfinger_controller.rb
@@ -54,7 +54,8 @@ class WebfingerController < ApplicationController
 end

 def allow_cross_origin_requests
- headers['Access-Control-Allow-Origin'] = '*'
- headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, OPTIONS'
+ return unless Rails.env.development?
+ headers['Access-Control-Allow-Origin'] = "*"
+ headers['Access-Control-Allow-Methods'] = "GET"
 end
 end
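Review bot: The new guard `return unless Rails.env.development?` in `allow_cross_origin_requests` moves the production CORS policy for this endpoint entirely into the reverse proxy, but nothing in the method records what the proxy is expected to send. Because the check is for development rather than for production, test and staging environments also lose the headers, which may or may not be intended. I would add a comment above the guard such as `# Outside development the reverse proxy sets CORS for the WebFinger route only (Allow-Origin: *, GET, no credentials); keep the two in sync.` so that a proxy rule applying the wildcard origin site-wide, or a deployment without the proxy rule, is recognisable as a misconfiguration. The method is fully visible here, but the class starts outside the hunk, so how the method is wired in as a callback cannot be confirmed from this diff.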