From 9bd7daeaf81e8708207050db979ff03ac243abfa Mon Sep 17 00:00:00 2001
From: Shivam Mishra <scm.mymail@gmail.com>
Date: Thu, 22 May 2025 10:13:15 +0530
Subject: [PATCH] feat: Allow CORS api access (#11546)

---
 config/initializers/cors.rb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/config/initializers/cors.rb b/config/initializers/cors.rb
index 1d516370f..38878d456 100644
--- a/config/initializers/cors.rb
+++ b/config/initializers/cors.rb
@@ -14,6 +14,10 @@ Rails.application.config.middleware.insert_before 0, Rack::Cors do
     if ActiveModel::Type::Boolean.new.cast(ENV.fetch('CW_API_ONLY_SERVER', false)) || Rails.env.development?
       resource '*', headers: :any, methods: :any, expose: %w[access-token client uid expiry]
     end
+
+    if ActiveModel::Type::Boolean.new.cast(ENV.fetch('ENABLE_API_CORS', false))
+      resource '/api/*', headers: :any, methods: :any, expose: %w[access-token client uid expiry]
+    end
   end
 end