ERROR_ACTIONS = [:render_error, :render_not_found]
+ before_filter :set_cors_headers
before_filter :respond_with_json_by_default
before_filter :remote_ip
before_filter :load_read_auths
end
end
+ def set_cors_headers
+ response.headers['Access-Control-Allow-Origin'] = '*'
+ response.headers['Access-Control-Allow-Methods'] = 'GET, HEAD, PUT, POST, DELETE'
+ response.headers['Access-Control-Allow-Headers'] = 'Authorization'
+ response.headers['Access-Control-Max-Age'] = '86486400'
+ end
+
def respond_with_json_by_default
html_index = request.accepts.index(Mime::HTML)
if html_index.nil? or request.accepts[0...html_index].include?(Mime::JSON)
skip_before_filter :find_object_by_uuid
skip_before_filter :render_404_if_no_object
- skip_before_filter :require_auth_scope, :only => [ :home, :login_failure ]
+ skip_before_filter :require_auth_scope, only: [:home, :empty, :login_failure]
def home
respond_to do |f|
end
end
+ def empty
+ render text: "-"
+ end
+
end
class UserSessionsController < ApplicationController
before_filter :require_auth_scope, :only => [ :destroy ]
+ skip_before_filter :set_cors_headers
skip_before_filter :find_object_by_uuid
skip_before_filter :render_404_if_no_object
# See http://guides.rubyonrails.org/routing.html
+ # OPTIONS requests just get an empty response with CORS headers.
+ match '*a', :to => 'static#empty', :via => 'OPTIONS'
+
namespace :arvados do
namespace :v1 do
resources :api_client_authorizations do