QT/sure
1
0
Fork 0
mirror of https://github.com/we-promise/sure.git synced 2026-04-07 14:31:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
69f4e47d68dd6b7ed6eaee9589964c90a554c730
sure/config/initializers/cors.rb
Juan José Mata ef4f5f7b8b feat: CORS support (#813) 
* feat: Add CORS support for Flutter mobile client

Add rack-cors gem and configure CORS for API and OAuth endpoints
to enable cross-origin requests from mobile clients and other
external applications.

https://claude.ai/code/session_01RJ6MKLkjBv7x5AQLEUn8AF

* feat: Add /sessions/* to CORS for webview authentication

Enable CORS for session endpoints to support webview-based
authentication flows in the Flutter mobile client.

https://claude.ai/code/session_01RJ6MKLkjBv7x5AQLEUn8AF

* test: Add integration tests for CORS configuration

Test that CORS middleware is configured and returns proper headers
for API, OAuth, and session endpoints including preflight requests.

https://claude.ai/code/session_01RJ6MKLkjBv7x5AQLEUn8AF

* Gemfile.lock

---------

Co-authored-by: Claude <noreply@anthropic.com>
2026-01-28 17:25:02 +01:00

37 lines
1.2 KiB
Ruby
Raw Blame History

# frozen_string_literal: true
# CORS configuration for API access from mobile clients (Flutter) and other external apps.
#
# This enables Cross-Origin Resource Sharing for the /api, /oauth, and /sessions endpoints,
# allowing the Flutter mobile client and other authorized clients to communicate
# with the Rails backend.
Rails.application.config.middleware.insert_before 0, Rack::Cors do
allow do
# Allow requests from any origin for API endpoints
# Mobile apps and development environments need flexible CORS
origins "*"
# API endpoints for mobile client and third-party integrations
resource "/api/*",
headers: :any,
methods: %i[get post put patch delete options head],
expose: %w[X-Request-Id X-Runtime],
max_age: 86400
# OAuth endpoints for authentication flows
resource "/oauth/*",
headers: :any,
methods: %i[get post put patch delete options head],
expose: %w[X-Request-Id X-Runtime],
max_age: 86400
# Session endpoints for webview-based authentication
resource "/sessions/*",
headers: :any,
methods: %i[get post delete options head],
expose: %w[X-Request-Id X-Runtime],
max_age: 86400
end
end
Reference in New Issue View Git Blame Copy Permalink