Set CORS headers for all .well-known responses

So we don't have to consider it for reverse proxies etc.
2024-09-10 16:06:11 +02:00
parent 45137e0cfe
commit af3da0a26c
4 changed files with 21 additions and 9 deletions
--- a/spec/requests/webfinger_spec.rb
+++ b/spec/requests/webfinger_spec.rb
@@ -94,6 +94,12 @@ RSpec.describe "WebFinger", type: :request do
          oauth_url = rs_link["properties"]["http://tools.ietf.org/html/rfc6749#section-4.2"]
          expect(oauth_url).to eql("http://www.example.com/rs/oauth/tony")
        end
+
+        it "returns CORS headers" do
+          get "/.well-known/nostr.json?name=bobdylan"
+          expect(response.headers['Access-Control-Allow-Origin']).to eq("*")
+          expect(response.headers['Access-Control-Allow-Methods']).to eq('GET')
+        end
      end

      context "remoteStorage not enabled for user" do