Add config setting for CORS header.

The response header Access-Control-Allow-Origin was always set to '*' for API URLs. This is creating some problems with Apache (see https://github.com/openstreetmap/iD/issues/2333), so it is now configurable. The value of the new config setting "instance.access_control_allow_origin" is used for that header now, or, if the variable is empty, the header is not set at all.
author: Jochen Topf <jochen@topf.org> 2014-10-09 09:33:40 +0200
committer: Jochen Topf <jochen@topf.org> 2014-10-09 09:33:40 +0200
commit: 3b021818504986d66055a22e1e69150c61eff6a0 (patch)
tree: dd3b7227c4c5e2f8105aeb86f185141fbb4d9304 /web
parent: a1f815958cf27fd2370ec4c369a3787585f0818c (diff)
download: taginfo-3b021818504986d66055a22e1e69150c61eff6a0.tar
taginfo-3b021818504986d66055a22e1e69150c61eff6a0.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/web/taginfo.rb b/web/taginfo.rb
index 1ca00fe..dcb3d3e 100755
--- a/web/taginfo.rb
+++ b/web/taginfo.rb
@@ -138,7 +138,10 @@ class Taginfo < Sinatra::Base
     before '/api/*' do
         content_type :json
         expires next_update
-        headers['Access-Control-Allow-Origin'] = '*'
+        cors = TaginfoConfig.get('instance.access_control_allow_origin', '')
+        if cors != ""
+            headers['Access-Control-Allow-Origin'] = cors
+        end
         begin
             @ap = APIParameters.new(params)
         rescue ArgumentError => ex
author	Jochen Topf <jochen@topf.org>	2014-10-09 09:33:40 +0200
committer	Jochen Topf <jochen@topf.org>	2014-10-09 09:33:40 +0200
commit	3b021818504986d66055a22e1e69150c61eff6a0 (patch)
tree	dd3b7227c4c5e2f8105aeb86f185141fbb4d9304 /web
parent	a1f815958cf27fd2370ec4c369a3787585f0818c (diff)
download	taginfo-3b021818504986d66055a22e1e69150c61eff6a0.tar taginfo-3b021818504986d66055a22e1e69150c61eff6a0.tar.gz