diff --git a/lib/api.rb b/lib/api.rb index 081c9a9..aa7c232 100644 --- a/lib/api.rb +++ b/lib/api.rb @@ -13,6 +13,13 @@ configure :production do require 'newrelic_rpm' end +use Rack::Cors do |config| + config.allow do + origins '*' + resource '*', headers: :any, methods: :get + end +end + helpers do def quote @quote ||= Quote.new(params).attributes.tap do |data| diff --git a/spec/api_spec.rb b/spec/api_spec.rb index 922efd4..c79b7df 100644 --- a/spec/api_spec.rb +++ b/spec/api_spec.rb @@ -53,15 +53,17 @@ describe 'the API' do %w(/ /latest /2012-11-20).each do |path| header 'Origin', '*' get path - refute_empty headers['Access-Control-Allow-Methods'] + assert headers.key?('Access-Control-Allow-Methods') end end it 'responds to preflight requests' do %w(/ /latest /2012-11-20).each do |path| header 'Origin', '*' + header 'Access-Control-Request-Method', 'GET' + header 'Access-Control-Request-Headers', 'Content-Type' options path - refute_empty headers['Access-Control-Allow-Methods'] + assert headers.key?('Access-Control-Allow-Methods') end end end