Allow Cross-origin resource sharing for GitLab API

It will allow to write web applications on other domains to interact with GitLab instances Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

Allow Cross-origin resource sharing for GitLab API
It will allow to write web applications on other domains to interact with GitLab instances Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Dmitriy Zaporozhets
1 parent 23d180f5
Showing 3 changed files with 11 additions and 0 deletions Show diff stats
Gemfile
Gemfile.lock
config/application.rb
@@ -44,6 +44,7 @@ gem &quot;gitlab-linguist&quot;, &quot;~&gt; 2.9.6&quot;, require: &quot;linguist&quot;
 # API
 gem "grape", "~> 0.4.1"
 gem "grape-entity", "~> 0.3.0"
+gem 'rack-cors', require: 'rack/cors'
 # Format dates and times
 # based on human-friendly examples
@@ -335,6 +335,7 @@ GEM
       rack
     rack-cache (1.2)
       rack (>= 0.4)
+    rack-cors (0.2.9)
     rack-mini-profiler (0.1.31)
       rack (>= 1.1.3)
     rack-mount (0.8.3)
@@ -610,6 +611,7 @@ DEPENDENCIES
   pry
   quiet_assets (~> 1.0.1)
   rack-attack
+  rack-cors
   rack-mini-profiler
   rails (= 3.2.16)
   rails-dev-tweaks
@@ -79,5 +79,13 @@ module Gitlab
     # config.relative_url_root = "/gitlab"
     config.middleware.use Rack::Attack
+
+    # Allow access to GitLab API from other domains
+    config.middleware.use Rack::Cors do
+      allow do
+        origins '*'
+        resource '/api/*', headers: :any, methods: [:get, :post, :options, :put]
+      end
+    end
   end
 end
	@@ -44,6 +44,7 @@ gem "gitlab-linguist", "~> 2.9.6", require: "linguist"		@@ -44,6 +44,7 @@ gem "gitlab-linguist", "~> 2.9.6", require: "linguist"
44	# API	44	# API
45	gem "grape", "~> 0.4.1"	45	gem "grape", "~> 0.4.1"
46	gem "grape-entity", "~> 0.3.0"	46	gem "grape-entity", "~> 0.3.0"
		47	+gem 'rack-cors', require: 'rack/cors'
47		48
48	# Format dates and times	49	# Format dates and times
49	# based on human-friendly examples	50	# based on human-friendly examples
	@@ -335,6 +335,7 @@ GEM		@@ -335,6 +335,7 @@ GEM
335	rack	335	rack
336	rack-cache (1.2)	336	rack-cache (1.2)
337	rack (>= 0.4)	337	rack (>= 0.4)
		338	+ rack-cors (0.2.9)
338	rack-mini-profiler (0.1.31)	339	rack-mini-profiler (0.1.31)
339	rack (>= 1.1.3)	340	rack (>= 1.1.3)
340	rack-mount (0.8.3)	341	rack-mount (0.8.3)
	@@ -610,6 +611,7 @@ DEPENDENCIES		@@ -610,6 +611,7 @@ DEPENDENCIES
610	pry	611	pry
611	quiet_assets (~> 1.0.1)	612	quiet_assets (~> 1.0.1)
612	rack-attack	613	rack-attack
		614	+ rack-cors
613	rack-mini-profiler	615	rack-mini-profiler
614	rails (= 3.2.16)	616	rails (= 3.2.16)
615	rails-dev-tweaks	617	rails-dev-tweaks
	@@ -79,5 +79,13 @@ module Gitlab		@@ -79,5 +79,13 @@ module Gitlab
79	# config.relative_url_root = "/gitlab"	79	# config.relative_url_root = "/gitlab"
80		80
81	config.middleware.use Rack::Attack	81	config.middleware.use Rack::Attack
		82	+
		83	+ # Allow access to GitLab API from other domains
		84	+ config.middleware.use Rack::Cors do
		85	+ allow do
		86	+ origins '*'
		87	+ resource '/api/*', headers: :any, methods: [:get, :post, :options, :put]
		88	+ end
		89	+ end
82	end	90	end
83	end	91	end