Skip to content

Migrating to 0.6.0

Fernando H. E. Bellincanta edited this page Nov 28, 2018 · 3 revisions

Version 0.6.0 introduced our initializer that configures CORS middleware attributes. If you were running a version prior to that you need to do some app configuration for updating.

If your are migrating from < 0.6.0 you need to run:

rails generate apicasso:install

This way a default initializer will be created with the default options setted for CORS middeleware in for the engine. After that update you can customize CORS for the APIcasso endpoints using a configuration block:

Apicasso.configure do |config|
  # Origins can be specified as a string, a regular expression,
  # or as '*' to allow all origins.
  # Origin response header indicates whether the response can be
  # shared with requesting code from the given origin.
  config.origins = '*'

  # A Resource path can be specified as exact string match (/path/to/file.txt)
  # or with a '*' wildcard (/all/files/in/*).
  # To include all of a directory's files and the files in its subdirectories,
  # use this form: /assets/**/*.
  config.resource = '*'

  # The HTTP methods allowed for the resource.
  # Can be a string or array or :any
  config.headers = :any

  # Sets the Access-Control-Allow-Credentials response header.
  # If a wildcard (*) origin is specified, this option cannot be set to true.
  # Can be a boolean, default: false
  config.credentials = '*'

  # Sets the Access-Control-Max-Age response header.
  # The Access-Control-Max-Age response header indicates how long the results
  # of a preflight request (that is the information contained in the
  # Access-Control-Allow-Methods and Access-Control-Allow-Headers headers)
  # can be cached.
  # Must be a number
  config.max_age = 1_728_000

  # The Access-Control-Allow-Methods response header specifies the method or
  # methods allowed when accessing the resource in response to a request.
  # Cam be a string or array or :any
  config.methods = %i[get post delete put patch options]

  # The Vary HTTP response header determines how to match future request headers
  # to decide whether a cached response can be used rather than requesting a
  # fresh one from the origin server. It is used by the server to indicate which
  # headers it used when selecting a representation of a resource in a content
  # negotiation algorithm.
  # Can be a string or array
  config.vary = nil

  # The Access-Control-Expose-Headers response header indicates which headers
  # can be exposed as part of the response by listing their names.
  # Can be a string or array
  config.expose = nil

  # If the result of the proc is true, will process the request as
  # a valid CORS request.
  # Must be a Proc
  config.if = nil
end
Clone this wiki locally