From 453328a97e2a75004fdf1793bb077a2cc55a29e0 Mon Sep 17 00:00:00 2001
From: Matt-Yorkley <9029026+Matt-Yorkley@users.noreply.github.com>
Date: Fri, 9 Apr 2021 15:36:26 +0100
Subject: [PATCH] Configure CORS settings for StoriesController

 - Storybook need to access through a GET method on `/rails/stories/**` served by `ViewComponent::Storybook::StoriesController`
 - Configure exact policy with an initialized filter
---
 config/initializers/storybook.rb | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 config/initializers/storybook.rb

diff --git a/config/initializers/storybook.rb b/config/initializers/storybook.rb
new file mode 100644
index 0000000000..3f521af868
--- /dev/null
+++ b/config/initializers/storybook.rb
@@ -0,0 +1,14 @@
+# Adjust headers to allow running Storybook in development.
+# Uses iframes and doesn't play nicely with CORS checks
+
+if Rails.env.development?
+  module PermissiveCORSHeaders
+    def self.before(response)
+      response.headers["Access-Control-Allow-Origin"] = "*"
+      response.headers["Access-Control-Allow-Methods"] = "GET"
+    end
+  end
+
+  ViewComponent::Storybook::StoriesController.before_action(PermissiveCORSHeaders)
+end
+