Only set API CORS headers in development

In production, this is the reverse proxy's responsibility
2024-01-22 15:35:13 +03:00 · 2024-01-22 15:35:13 +03:00 · 281938dd64
commit 281938dd64
parent fafc5d8f6f
1 changed files with 1 additions and 0 deletions
--- a/app/controllers/api/btcpay_controller.rb
+++ b/app/controllers/api/btcpay_controller.rb
@ -29,6 +29,7 @@ class Api::BtcpayController < Api::BaseController
    end

    def set_cors_access_control_headers
+      return unless Rails.env.development?
      headers['Access-Control-Allow-Origin'] = "*"
      headers['Access-Control-Allow-Headers'] = "*"
      headers['Access-Control-Allow-Methods'] = "GET"