API: Add APIHandler back
This handler should no have been removed in 4276, as it adds the required CORS header (Access-Control-Allow-Origin) for public acces to the API. Thanks to iBicha for noticing this!
This commit is contained in:
parent
5c0b6d8afa
commit
7b84bdb29b
|
@ -217,6 +217,7 @@ public_folder "assets"
|
|||
|
||||
Kemal.config.powered_by_header = false
|
||||
add_handler FilteredCompressHandler.new
|
||||
add_handler APIHandler.new
|
||||
add_handler AuthHandler.new
|
||||
add_handler DenyFrame.new
|
||||
add_context_storage_type(Array(String))
|
||||
|
|
|
@ -134,6 +134,19 @@ class AuthHandler < Kemal::Handler
|
|||
end
|
||||
end
|
||||
|
||||
class APIHandler < Kemal::Handler
|
||||
{% for method in %w(GET POST PUT HEAD DELETE PATCH OPTIONS) %}
|
||||
only ["/api/v1/*"], {{method}}
|
||||
{% end %}
|
||||
exclude ["/api/v1/auth/notifications"], "GET"
|
||||
exclude ["/api/v1/auth/notifications"], "POST"
|
||||
|
||||
def call(env)
|
||||
env.response.headers["Access-Control-Allow-Origin"] = "*" if only_match?(env)
|
||||
call_next env
|
||||
end
|
||||
end
|
||||
|
||||
class DenyFrame < Kemal::Handler
|
||||
exclude ["/embed/*"]
|
||||
|
||||
|
|
Loading…
Reference in New Issue