only allow cors on api routes

2016-04-06 20:09:25 +08:00 · 2016-04-06 20:09:25 +08:00 · e27d64e643
commit e27d64e643
parent 7de642ccb2
1 changed files with 1 additions and 1 deletions
--- a/config/initializers/cors.rb
+++ b/config/initializers/cors.rb
@ -1,7 +1,7 @@
 Rails.application.config.middleware.insert_before 0, Rack::Cors do
  allow do
    origins '*'
-    resource '*',
+    resource '/api/*',
      headers: :any,
      methods: [:get, :post, :put, :delete, :options, :head]
  end