Add CORS to /message

app/controllers/messages_controller.rb

@@ -1,7 +1,7 @@
 class MessagesController < ApplicationController
   include CompletionsConcern
 
-  skip_before_action :verify_authenticity_token, only: %i[ create ]
+  skip_before_action :verify_authenticity_token, only: %i[ create cors_preflight_check ]
 
   before_action :set_contest, only: %i[ convert destroy ]
   before_action :set_message, only: %i[ convert destroy ]
@@ -11,9 +11,24 @@ class MessagesController < ApplicationController
     super + [ "completions" ]
   end
 
+  def cors_set_access_control_headers
+    response.set_header("Access-Control-Allow-Origin", "https://meet.google.com")
+    response.set_header("Access-Control-Allow-Credentials", "true")
+    response.set_header("Access-Control-Allow-Methods", "POST")
+    response.set_header("Access-Control-Allow-Headers", "*")
+    response.set_header("Access-Control-Max-Age", "86400")
+  end
+
+  def cors_preflight_check
+    allow_unauthenticated_access
+    skip_authorization
+    cors_set_access_control_headers
+  end
+
   def create
     allow_unauthenticated_access
     skip_authorization
+    cors_set_access_control_headers
 
     @message_params = message_params
     @contest = Contest.find_by_token_for(:token, params[:token])

config/routes.rb

@@ -24,6 +24,7 @@ Rails.application.routes.draw do
   resource :session
   resources :users
 
+  options "message", to: "messages#cors_preflight_check"
   post "message", to: "messages#create"
 
   get "public/:id", to: "contests#scoreboard"