[openstreetmap-website] Allow cross-origin request to API (#138)

John Firebaugh notifications at github.com
Mon Oct 22 15:33:20 GMT 2012

> @@ -72,6 +72,14 @@ class Application < Rails::Application
>      # Version of your assets, change this if you want to expire all your assets
>      config.assets.version = '1.0'
> +    # Allow cross-origin API requests

Ajax frameworks tend to add a few custom headers like `X-Requested-By` automatically. Prototype [reportedly](http://www.tsheffler.com/blog/?p=428) also adds `X-Prototype-Version`. Since we don't have any restrictions on request headers coming from non-browsers, I think it makes sense to have the same permissiveness for browser requests.

Reply to this email directly or view it on GitHub:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20121022/0c8c7ac5/attachment.html>

More information about the rails-dev mailing list