Class: LtiBoxEngine::ApplicationController

Inherits:

ActionController::Base

Object
ActionController::Base
LtiBoxEngine::ApplicationController

show all

Defined in:: app/controllers/lti_box_engine/application_controller.rb

Direct Known Subclasses

LtiController, TestController

Instance Method Summary collapse

#cors_preflight_check ⇒ Object

If this is a preflight OPTIONS request, then short-circuit the request, return only the necessary headers and return an empty text/plain.
#cors_set_access_control_headers ⇒ Object

For all responses in this controller, return the CORS access control headers.
#set_default_headers ⇒ Object

Instance Method Details

#cors_preflight_check ⇒ `Object`

If this is a preflight OPTIONS request, then short-circuit the request, return only the necessary headers and return an empty text/plain.

# File 'app/controllers/lti_box_engine/application_controller.rb', line 23

def cors_preflight_check
  if request.method == :options
    headers['Access-Control-Allow-Origin'] = '*'
    headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'
    headers['Access-Control-Allow-Headers'] = '*'
    headers['Access-Control-Max-Age'] = '1728000'
    render :text => '', :content_type => 'text/plain'
  end
end

#cors_set_access_control_headers ⇒ `Object`

For all responses in this controller, return the CORS access control headers.

# File 'app/controllers/lti_box_engine/application_controller.rb', line 12

def cors_set_access_control_headers
  headers['Access-Control-Allow-Origin'] = '*'
  headers['Access-Control-Allow-Methods'] = 'POST, PUT, DELETE, GET, OPTIONS'
  headers['Access-Control-Request-Method'] = '*'
  headers['Access-Control-Allow-Headers'] = 'Origin, X-Requested-With, Content-Type, Accept, Authorization'
  headers['Access-Control-Max-Age'] = "1728000"
end

#set_default_headers ⇒ `Object`



7
8
9

# File 'app/controllers/lti_box_engine/application_controller.rb', line 7

def set_default_headers
  response.headers['X-Frame-Options'] = 'ALLOWALL'
end