Allow cross-origin

Closes #2

Gemfile

@@ -9,6 +9,7 @@ gem 'librato-rack'
 gem 'rake'
 gem 'sequel_pg'
 gem 'sinatra-jsonp'
+gem 'sinatra-cross_origin'
 gem 'unicorn'
 gem 'virtus'
 gem 'yajl-ruby'

Gemfile.lock

@@ -51,6 +51,7 @@ GEM
       rack (~> 1.4)
       rack-protection (~> 1.4)
       tilt (~> 1.3, >= 1.3.4)
+    sinatra-cross_origin (0.3.2)
     sinatra-jsonp (0.4.3)
       multi_json (~> 1.8)
       sinatra (~> 1.0)
@@ -80,6 +81,7 @@ DEPENDENCIES
   rake
   sequel_pg
   shotgun
+  sinatra-cross_origin
   sinatra-jsonp
   unicorn
   virtus

lib/api.rb

@@ -1,9 +1,13 @@
 require 'sinatra'
+require 'sinatra/cross_origin'
 require 'sinatra/jsonp'
 require 'yajl'
 require 'snapshot'
 
-set :root, File.expand_path('..', File.dirname(__FILE__))
+configure do
+  enable :cross_origin
+  set :root, File.expand_path('..', File.dirname(__FILE__))
+end
 
 configure :production do
   require 'newrelic_rpm'

spec/api_spec.rb

@@ -7,6 +7,7 @@ describe 'the API' do
 
   let(:app)  { Sinatra::Application }
   let(:json) { Yajl::Parser.new.parse last_response.body }
+  let(:headers) { last_response.headers }
 
   it 'describes itself' do
     get '/'
@@ -38,4 +39,9 @@ describe 'the API' do
     get '/2010-01-01'
     json['rates'].wont_be :empty?
   end
+
+  it 'allows cross-origin requests' do
+    get '/', {}, { 'HTTP_ORIGIN' => 'http://localhost' }
+    assert_equal 'http://localhost', headers['Access-Control-Allow-Origin']
+  end
 end