From e27d64e64384a432297f2446683b782eb4e860d1 Mon Sep 17 00:00:00 2001
From: Devin Howard <devin@callysto.com>
Date: Wed, 6 Apr 2016 20:09:25 +0800
Subject: [PATCH] only allow cors on api routes

---
 config/initializers/cors.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/initializers/cors.rb b/config/initializers/cors.rb
index 6fd69b6a..092bbeaf 100644
--- a/config/initializers/cors.rb
+++ b/config/initializers/cors.rb
@@ -1,7 +1,7 @@
 Rails.application.config.middleware.insert_before 0, Rack::Cors do
   allow do
     origins '*'
-    resource '*',
+    resource '/api/*',
       headers: :any,
       methods: [:get, :post, :put, :delete, :options, :head]
   end