Don't add CORS headers for Webfinger in production

The reverse proxy should handle it.
2024-01-26 11:01:45 +03:00
parent c32fc51aab
commit 243cf9c08d
1 changed files with 3 additions and 2 deletions
--- a/app/controllers/webfinger_controller.rb
+++ b/app/controllers/webfinger_controller.rb
@@ -54,7 +54,8 @@ class WebfingerController < ApplicationController
  end
  def allow_cross_origin_requests
-    headers['Access-Control-Allow-Origin'] = '*'
+    return unless Rails.env.development?
-    headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, OPTIONS'
+    headers['Access-Control-Allow-Origin'] = "*"
    headers['Access-Control-Allow-Methods'] = "GET"
  end
 end