Add noopener and noreferer to links in user generated content

[rails.git] / config / initializers / cors.rb

diff --git a/config/initializers/cors.rb b/config/initializers/cors.rb
index 1a8ce106d2ad29647c791de75ebaf03e74ca02e9..2bd558d2f3f24ec4f4f9884cb9b1cf4c815505dc 100644 (file)
--- a/config/initializers/cors.rb
+++ b/config/initializers/cors.rb
@@ -7,9 +7,7 @@ module OpenStreetMap
   class Cors < Rack::Cors
     def call(env)
       status, headers, body = super env
-      if headers['Access-Control-Allow-Origin']
-        headers['Cache-Control'] = 'no-cache'
-      end
+      headers["Cache-Control"] = "no-cache" if headers["Access-Control-Allow-Origin"]
       [status, headers, body]
     end
   end
@@ -25,5 +23,8 @@ Rails.configuration.middleware.use OpenStreetMap::Cors do
     origins "*"
     resource "/oauth/*", :headers => :any, :methods => [:get, :post]
     resource "/api/*", :headers => :any, :methods => [:get, :post, :put, :delete]
+    resource "/diary/rss", :headers => :any, :methods => [:get]
+    resource "/diary/*/rss", :headers => :any, :methods => [:get]
+    resource "/user/*/diary/rss", :headers => :any, :methods => [:get]
   end
 end