From 281938dd6458f4ffc1617547bfb080675d5a0b27 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Mon, 22 Jan 2024 15:35:13 +0300 Subject: [PATCH] Only set API CORS headers in development In production, this is the reverse proxy's responsibility --- app/controllers/api/btcpay_controller.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/app/controllers/api/btcpay_controller.rb b/app/controllers/api/btcpay_controller.rb index f721c1d..94759fb 100644 --- a/app/controllers/api/btcpay_controller.rb +++ b/app/controllers/api/btcpay_controller.rb @@ -29,6 +29,7 @@ class Api::BtcpayController < Api::BaseController end def set_cors_access_control_headers + return unless Rails.env.development? headers['Access-Control-Allow-Origin'] = "*" headers['Access-Control-Allow-Headers'] = "*" headers['Access-Control-Allow-Methods'] = "GET"