From 989f4cdd407656aec93c873147caf117a86a8498 Mon Sep 17 00:00:00 2001 From: sto Date: Fri, 13 Jun 2025 18:53:29 +0200 Subject: [PATCH] Add CORS to /message --- app/controllers/messages_controller.rb | 17 ++++++++++++++++- config/routes.rb | 1 + 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/app/controllers/messages_controller.rb b/app/controllers/messages_controller.rb index a698e5d..2486899 100644 --- a/app/controllers/messages_controller.rb +++ b/app/controllers/messages_controller.rb @@ -1,7 +1,7 @@ class MessagesController < ApplicationController include CompletionsConcern - skip_before_action :verify_authenticity_token, only: %i[ create ] + skip_before_action :verify_authenticity_token, only: %i[ create cors_preflight_check ] before_action :set_contest, only: %i[ convert destroy ] before_action :set_message, only: %i[ convert destroy ] @@ -11,9 +11,24 @@ class MessagesController < ApplicationController super + [ "completions" ] end + def cors_set_access_control_headers + response.set_header("Access-Control-Allow-Origin", "https://meet.google.com") + response.set_header("Access-Control-Allow-Credentials", "true") + response.set_header("Access-Control-Allow-Methods", "POST") + response.set_header("Access-Control-Allow-Headers", "*") + response.set_header("Access-Control-Max-Age", "86400") + end + + def cors_preflight_check + allow_unauthenticated_access + skip_authorization + cors_set_access_control_headers + end + def create allow_unauthenticated_access skip_authorization + cors_set_access_control_headers @message_params = message_params @contest = Contest.find_by_token_for(:token, params[:token]) diff --git a/config/routes.rb b/config/routes.rb index 80e3341..ff06d9a 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -24,6 +24,7 @@ Rails.application.routes.draw do resource :session resources :users + options "message", to: "messages#cors_preflight_check" post "message", to: "messages#create" get "public/:id", to: "contests#scoreboard"