Open Dawil opened 10 years ago
Actually, by using permit!
we can get things to work. This is technically a security error but if we restrict the CORS domains to trusted servers it's more of a logic bug when it happens than a security bug. It's also much easier (and faster) so we'll do it this way first. We can make it proper later if we feel we need to loosen the CORS permissions.
e.g. I needed to change the
person_params
method from:to:
to allow a curl post with the following body: