#app/controllers/guest_sessions_controller.rb:
 
# Show HTTP OPTIONS for XHR2 / CORS requests
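def options
  # Answers a CORS preflight (HTTP OPTIONS) with an empty 204 response that
  # carries the Access-Control-* headers below.
  #
  # Access-Control-Allow-Origin '*' lets any origin read these responses, so
  # nothing served under this policy should rely on ambient credentials.
  #
  # Access-Control-Allow-Credentials is deliberately not sent: the CORS
  # protocol does not permit it together with a wildcard origin, and browsers
  # fail a credentialed request whose response carries '*'. If cookie or
  # HTTP-auth based requests are ever needed, replace '*' with an exact origin
  # chosen from a fixed allowlist (never the raw Origin request header) and
  # add 'Vary: Origin'.
  {
    'Access-Control-Allow-Origin'  => '*',
    'Access-Control-Allow-Methods' => 'POST, GET, PUT, DELETE, OPTIONS',
    'Access-Control-Max-Age'       => '86400', # 24 hours
    'Access-Control-Allow-Headers' => 'X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept'
  }.each { |name, value| response.headers[name] = value }

  render :nothing => true, :status => 204
end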
 
# Note: These headers must also be added to the actual GET / POST / PUT / DELETE responses,
# or else the browser may report a failure where there was in fact a success.
 
 
# Create a session for non-logged in users which may be merged on login or remain anonymous, one-time use.
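def create
  # Creates a new Guest record, wraps it in a GuestSession and returns the
  # guest's display name and single_access_token as JSON (JSONP when a
  # callback parameter is supplied).
  #
  # If the guest cannot be saved, a 422 response with a message/errors hash is
  # rendered instead, so no token of an unsaved record is ever handed out.

  #TODO how to handle this in the case of internationalization
  # I chose not to put this in the db layer because this is shared with the user class
  guest = Guest.new({:display_name => 'Guest'})

  unless guest.save
    # assumes Guest exposes ActiveModel-style validation errors -- TODO confirm
    failure = {:message => "Guest session could not be created.", :errors => guest.errors.full_messages}
    respond_to do |format|
      format.json { render :json => failure, :status => :unprocessable_entity, :callback => params[:callback] }
    end
    return
  end

  guest_session = GuestSession.new(guest)

  # sanitize the outbound hash now to keep it dry when we add xml and html support in addition to json
  # NOTE(review): single_access_token is a credential; keep it out of logs and
  # caches, and serve this action over HTTPS only.
  hash = {:display_name => guest.display_name, :single_access_token => guest.single_access_token}

  respond_to do |format|
    # This works for client ACCEPT headers as well as .:format.
    # NOTE(review): params[:callback] is caller-supplied and ends up in the
    # JSONP response body; confirm the Rails version in use restricts it to a
    # valid JavaScript identifier, or validate it here before rendering.
    format.json { render :json => hash, :callback => params[:callback] }
  end
end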
 
# Log out
def destroy
  # Ends the current guest session and confirms the logout as JSON
  # (JSONP when a callback parameter is supplied).

  #TODO if the guest didn't leave an e-mail, delete the guest (regarding as spam)
  # NOTE(review): current_guest_session is defined outside this snippet; if it
  # can be nil for a caller without a session this line raises -- confirm a
  # filter guards the action.
  current_guest_session.destroy

  respond_to do |format|
    format.json do
      # NOTE(review): a JSONP-capable logout can be triggered by any page that
      # embeds this URL if the route accepts GET -- confirm the route's verbs.
      render :json => {:message => "Logout successful!", :errors => []}, :callback => params[:callback]
    end
  end
end