Add CORS config to the handler

cable-cr / cable

It's like ActionCable (100% compatible with JS Client), but you know, for Crystal

MIT License

128 stars 12 forks source link

Add CORS config to the handler #68

Open jwoertink opened 1 year ago

jwoertink commented 1 year ago

https://guides.rubyonrails.org/action_cable_overview.html#allowed-request-origins

The Rails version allows a few CORS settings to be checked, and it rejects connections when they don't match:

config.action_cable.allowed_request_origins = ['https://rubyonrails.com', %r{http://ruby.*}]
# disable it with
config.action_cable.disable_request_forgery_protection = true

jwoertink commented 1 year ago

What I'd love here is if there's a way we can do it on a per channel basis.... No clue how that would work, but if I could say ChatChannel must be protected by CORS on the same domain, but ApiChannel has different restrictions as it may be accessed outside of the domain.