From d002c14aab6950337878fe064bd99bd41f9c26cd Mon Sep 17 00:00:00 2001
From: Raphael Sofaer <raphael@joindiaspora.com>
Date: Sun, 26 Jun 2011 20:29:39 -0700
Subject: [PATCH] Initial implementation of allowing cross-origin requests in
 the webfinger flow, so that the unhosted guys can use Diaspora.  May not work
 with caches-page on host-meta.  We'll have to use X-Accel-Redirect or
 something.

---
 app/controllers/publics_controller.rb | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/app/controllers/publics_controller.rb b/app/controllers/publics_controller.rb
index a497085705..1c73ac0fb9 100644
--- a/app/controllers/publics_controller.rb
+++ b/app/controllers/publics_controller.rb
@@ -10,6 +10,11 @@ class PublicsController < ApplicationController
   skip_before_filter :set_invites
   skip_before_filter :which_action_and_user
   skip_before_filter :set_grammatical_gender
+  before_filter :allow_cross_origin, :only => [:hcard, :host_meta, :webfinger]
+
+  def allow_cross_origin
+    headers["Access-Control-Allow-Origin"] = "*"
+  end
 
   layout false
   caches_page :host_meta
-- 
GitLab