From cb0cb654c89c83ddfacc134b2935841c517a59d9 Mon Sep 17 00:00:00 2001
From: Nuwan <nuwanchaturanga@gmail.com>
Date: Fri, 26 Apr 2024 16:35:45 +0530
Subject: [PATCH] limit CORS only to /api/*

---
 web/config/initializers/cors.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/config/initializers/cors.rb b/web/config/initializers/cors.rb
index 884afbeda..568a7588e 100644
--- a/web/config/initializers/cors.rb
+++ b/web/config/initializers/cors.rb
@@ -2,7 +2,7 @@ Rails.application.config.middleware.insert_before 0, Rack::Cors do
   allow do
     origins Rails.configuration.spa_origin
 
-    resource '*',
+    resource '/api/*',
       headers: :any,
       methods: [:get, :post, :delete, :options],
       credentials: true