diff options
author | Jochen Topf <jochen@topf.org> | 2014-10-09 09:33:40 +0200 |
---|---|---|
committer | Jochen Topf <jochen@topf.org> | 2014-10-09 09:33:40 +0200 |
commit | 3b021818504986d66055a22e1e69150c61eff6a0 (patch) | |
tree | dd3b7227c4c5e2f8105aeb86f185141fbb4d9304 /web | |
parent | a1f815958cf27fd2370ec4c369a3787585f0818c (diff) | |
download | taginfo-3b021818504986d66055a22e1e69150c61eff6a0.tar taginfo-3b021818504986d66055a22e1e69150c61eff6a0.tar.gz |
Add config setting for CORS header.
The response header Access-Control-Allow-Origin was always set to '*' for API
URLs. This is creating some problems with Apache (see
https://github.com/openstreetmap/iD/issues/2333), so it is now configurable.
The value of the new config setting "instance.access_control_allow_origin" is
used for that header now, or, if the variable is empty, the header is not set
at all.
Diffstat (limited to 'web')
-rwxr-xr-x | web/taginfo.rb | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/web/taginfo.rb b/web/taginfo.rb index 1ca00fe..dcb3d3e 100755 --- a/web/taginfo.rb +++ b/web/taginfo.rb @@ -138,7 +138,10 @@ class Taginfo < Sinatra::Base before '/api/*' do content_type :json expires next_update - headers['Access-Control-Allow-Origin'] = '*' + cors = TaginfoConfig.get('instance.access_control_allow_origin', '') + if cors != "" + headers['Access-Control-Allow-Origin'] = cors + end begin @ap = APIParameters.new(params) rescue ArgumentError => ex |