# Be sure to restart your server when you modify this file.

# Avoid CORS issues when API is called from the frontend app.
# Handle Cross-Origin Resource Sharing (CORS) in order to accept cross-origin Ajax requests.

# Read more: https://github.com/cyu/rack-cors

Rails.application.config.middleware.insert_before 0, Rack::Cors do
  allow do
    origins_list = ENV['ALLOWED_ORIGINS'].present? ? ENV['ALLOWED_ORIGINS'].split(',') : []
    
    if Rails.env.development? && origins_list.empty?
      origins %r{\Ahttp://(localhost|127\.0\.0\.1)(:\d+)?\z}
    else
      origins origins_list
    end

    resource '*',
             headers: :any,
             methods: %i[get post put patch delete options head],
             credentials: true
  end
end 