Class: LtiBoxEngine::ApplicationController
- Inherits:
-
ActionController::Base
- Object
- ActionController::Base
- LtiBoxEngine::ApplicationController
- Defined in:
- app/controllers/lti_box_engine/application_controller.rb
Direct Known Subclasses
Instance Method Summary collapse
-
#cors_preflight_check ⇒ Object
If this is a preflight OPTIONS request, then short-circuit the request, return only the necessary headers and return an empty text/plain.
-
#cors_set_access_control_headers ⇒ Object
For all responses in this controller, return the CORS access control headers.
- #set_default_headers ⇒ Object
Instance Method Details
#cors_preflight_check ⇒ Object
If this is a preflight OPTIONS request, then short-circuit the request, return only the necessary headers and return an empty text/plain.
23 24 25 26 27 28 29 30 31 |
# File 'app/controllers/lti_box_engine/application_controller.rb', line 23 def cors_preflight_check if request.method == :options headers['Access-Control-Allow-Origin'] = '*' headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS' headers['Access-Control-Allow-Headers'] = '*' headers['Access-Control-Max-Age'] = '1728000' render :text => '', :content_type => 'text/plain' end end |
#cors_set_access_control_headers ⇒ Object
For all responses in this controller, return the CORS access control headers.
12 13 14 15 16 17 18 |
# File 'app/controllers/lti_box_engine/application_controller.rb', line 12 def cors_set_access_control_headers headers['Access-Control-Allow-Origin'] = '*' headers['Access-Control-Allow-Methods'] = 'POST, PUT, DELETE, GET, OPTIONS' headers['Access-Control-Request-Method'] = '*' headers['Access-Control-Allow-Headers'] = 'Origin, X-Requested-With, Content-Type, Accept, Authorization' headers['Access-Control-Max-Age'] = "1728000" end |
#set_default_headers ⇒ Object
7 8 9 |
# File 'app/controllers/lti_box_engine/application_controller.rb', line 7 def set_default_headers response.headers['X-Frame-Options'] = 'ALLOWALL' end |