Be more specific on allowed request origins by adding OFN_URL

+ add same configuration for production
2026-01-29 21:17:17 +00:00 · 2022-12-29 15:17:55 +01:00
parent 992b497b75
commit b858371735
2 changed files with 4 additions and 1 deletions
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -48,6 +48,9 @@ Openfoodnetwork::Application.configure do
    reconnect_attempts: 1
  }

+  config.action_cable.url = "#{ENV['OFN_URL']}/cable"
+  config.action_cable.allowed_request_origins = [/http:\/\/#{ENV['OFN_URL']}\/*/, /https:\/\/#{ENV['OFN_URL']}\/*/]
+
  # Enable serving of images, stylesheets, and JavaScripts from an asset server
  # config.action_controller.asset_host = "http://assets.example.com"

--- a/config/environments/staging.rb
+++ b/config/environments/staging.rb
@@ -49,7 +49,7 @@ Openfoodnetwork::Application.configure do
  }

  config.action_cable.url = "#{ENV['OFN_URL']}/cable"
-  config.action_cable.allowed_request_origins = [/http:\/\/*/, /https:\/\/*/]
+  config.action_cable.allowed_request_origins = [/http:\/\/#{ENV['OFN_URL']}\/*/, /https:\/\/#{ENV['OFN_URL']}\/*/]

  # Enable serving of images, stylesheets, and JavaScripts from an asset server
  # config.action_controller.asset_host = "http://assets.example.com"