Don't add CORS headers for Webfinger in production

The reverse proxy should handle it.
2024-01-26 11:01:45 +03:00 · 2024-01-26 11:01:45 +03:00 · 243cf9c08d
commit 243cf9c08d
parent c32fc51aab
1 changed files with 3 additions and 2 deletions
--- a/app/controllers/webfinger_controller.rb
+++ b/app/controllers/webfinger_controller.rb
@ -54,7 +54,8 @@ class WebfingerController < ApplicationController
  end

  def allow_cross_origin_requests
-    headers['Access-Control-Allow-Origin'] = '*'
-    headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, OPTIONS'
+    return unless Rails.env.development?
+    headers['Access-Control-Allow-Origin'] = "*"
+    headers['Access-Control-Allow-Methods'] = "GET"
  end
 end