Commit 6edb4c0634740e4231e5939b13fd696b6823b3de
1 parent
23d180f5
Exists in
master
and in
4 other branches
Allow Cross-origin resource sharing for GitLab API
It will allow to write web applications on other domains to interact with GitLab instances Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Showing
3 changed files
with
11 additions
and
0 deletions
Show diff stats
Gemfile
| ... | ... | @@ -44,6 +44,7 @@ gem "gitlab-linguist", "~> 2.9.6", require: "linguist" |
| 44 | 44 | # API |
| 45 | 45 | gem "grape", "~> 0.4.1" |
| 46 | 46 | gem "grape-entity", "~> 0.3.0" |
| 47 | +gem 'rack-cors', require: 'rack/cors' | |
| 47 | 48 | |
| 48 | 49 | # Format dates and times |
| 49 | 50 | # based on human-friendly examples | ... | ... |
Gemfile.lock
| ... | ... | @@ -335,6 +335,7 @@ GEM |
| 335 | 335 | rack |
| 336 | 336 | rack-cache (1.2) |
| 337 | 337 | rack (>= 0.4) |
| 338 | + rack-cors (0.2.9) | |
| 338 | 339 | rack-mini-profiler (0.1.31) |
| 339 | 340 | rack (>= 1.1.3) |
| 340 | 341 | rack-mount (0.8.3) |
| ... | ... | @@ -610,6 +611,7 @@ DEPENDENCIES |
| 610 | 611 | pry |
| 611 | 612 | quiet_assets (~> 1.0.1) |
| 612 | 613 | rack-attack |
| 614 | + rack-cors | |
| 613 | 615 | rack-mini-profiler |
| 614 | 616 | rails (= 3.2.16) |
| 615 | 617 | rails-dev-tweaks | ... | ... |
config/application.rb
| ... | ... | @@ -79,5 +79,13 @@ module Gitlab |
| 79 | 79 | # config.relative_url_root = "/gitlab" |
| 80 | 80 | |
| 81 | 81 | config.middleware.use Rack::Attack |
| 82 | + | |
| 83 | + # Allow access to GitLab API from other domains | |
| 84 | + config.middleware.use Rack::Cors do | |
| 85 | + allow do | |
| 86 | + origins '*' | |
| 87 | + resource '/api/*', headers: :any, methods: [:get, :post, :options, :put] | |
| 88 | + end | |
| 89 | + end | |
| 82 | 90 | end |
| 83 | 91 | end | ... | ... |