From 5600670fef46ef11d80285c2d67e1b3d70ddb243 Mon Sep 17 00:00:00 2001
From: Brenda Wallace <brenda@brenda.nz>
Date: Sun, 31 May 2020 12:58:26 +1200
Subject: [PATCH] Only allow open CORS on the api

---
 config/application.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/application.rb b/config/application.rb
index d8f2e2c4f..e588f878f 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -108,7 +108,7 @@ module Growstuff
     config.middleware.insert_before 0, Rack::Cors do
       allow do
          origins '*'
-         resource '*', headers: :any, methods: [:get, :post, :options]
+         resource '/api/v1/*', headers: :any, methods: [:get, :post, :options]
        end
     end
   end