fix: CORS allow * on external (#108)

2026-04-19 22:05:07 +00:00 · 2025-12-15 14:29:22 -05:00 · 2025-12-15 14:29:22 -05:00 · 54670597cf
commit 54670597cf
parent 92eebe783b
2 changed files with 16 additions and 0 deletions
--- a/app/controllers/api/external/identities_controller.rb
+++ b/app/controllers/api/external/identities_controller.rb
@ -1,6 +1,8 @@
 module API
  module External
    class IdentitiesController < ApplicationController
+      before_action :set_cors_headers, only: %i[check options]
+
      def check
        ident = if (public_id = params[:idv_id]).present?
                  Identity.find_by_public_id(public_id)
@ -30,6 +32,19 @@ module API
          result:
        }
      end
+
+      def options = head :ok
+
+      private
+
+      def set_cors_headers
+        response.set_header("Access-Control-Allow-Origin", "*")
+        response.set_header("Access-Control-Allow-Methods", "GET, OPTIONS")
+        response.set_header(
+          "Access-Control-Allow-Headers",
+          "Content-Type, Authorization"
+        )
+      end
    end
  end
 end
--- a/config/routes.rb
+++ b/config/routes.rb
@ -343,6 +343,7 @@ Rails.application.routes.draw do
    end
    namespace :external do
      get "/check", to: "identities#check"
+      options "/check", to: "identities#options"
    end
  end