This PR modifies the default configuration bundled by the rack-cors recipe. As of today we were allowing requests from any origin to any resource, which is a very unsafe configuration. The new config only allows get requests to the urls under public and index/show/create/update/delete requests for urls under api.
This PR modifies the default configuration bundled by the rack-cors recipe. As of today we were allowing requests from any origin to any resource, which is a very unsafe configuration. The new config only allows get requests to the urls under
publicand index/show/create/update/delete requests for urls underapi.closes #202