diff --git a/Gemfile b/Gemfile index b30bf88..887a3e2 100644 --- a/Gemfile +++ b/Gemfile @@ -9,6 +9,7 @@ gem 'librato-rack' gem 'rake' gem 'sequel_pg' gem 'sinatra-jsonp' +gem 'sinatra-cross_origin' gem 'unicorn' gem 'virtus' gem 'yajl-ruby' diff --git a/Gemfile.lock b/Gemfile.lock index 74f5500..225d381 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -51,6 +51,7 @@ GEM rack (~> 1.4) rack-protection (~> 1.4) tilt (~> 1.3, >= 1.3.4) + sinatra-cross_origin (0.3.2) sinatra-jsonp (0.4.3) multi_json (~> 1.8) sinatra (~> 1.0) @@ -80,6 +81,7 @@ DEPENDENCIES rake sequel_pg shotgun + sinatra-cross_origin sinatra-jsonp unicorn virtus diff --git a/lib/api.rb b/lib/api.rb index 9021b6d..eea718e 100644 --- a/lib/api.rb +++ b/lib/api.rb @@ -1,9 +1,13 @@ require 'sinatra' +require 'sinatra/cross_origin' require 'sinatra/jsonp' require 'yajl' require 'snapshot' -set :root, File.expand_path('..', File.dirname(__FILE__)) +configure do + enable :cross_origin + set :root, File.expand_path('..', File.dirname(__FILE__)) +end configure :production do require 'newrelic_rpm' diff --git a/spec/api_spec.rb b/spec/api_spec.rb index 01cea14..e05f6c3 100644 --- a/spec/api_spec.rb +++ b/spec/api_spec.rb @@ -7,6 +7,7 @@ describe 'the API' do let(:app) { Sinatra::Application } let(:json) { Yajl::Parser.new.parse last_response.body } + let(:headers) { last_response.headers } it 'describes itself' do get '/' @@ -38,4 +39,9 @@ describe 'the API' do get '/2010-01-01' json['rates'].wont_be :empty? end + + it 'allows cross-origin requests' do + get '/', {}, { 'HTTP_ORIGIN' => 'http://localhost' } + assert_equal 'http://localhost', headers['Access-Control-Allow-Origin'] + end end