An ArchivesSpace plugin that adds Access-Control-Allow headers to HTTP requests using Rack middleware. Huge thanks to Mark Triggs for the assist on this code.
- ArchivesSpace instance
-
Download or clone this repository into the ArchivesSpace
plugins/directory..git clone [email protected]:RockefellerArchiveCenter/as-cors.git -
Edit
config/config.rbto include the plugin:AppConfig[:plugins] = ['local', 'lcnaf', 'aspace-public-formats', 'as-cors'] -
Restart ArchivesSpace.
Routes on which CORS headers are available can be edited by defining the AppConfig[:cors_endpoints] variable.
For production use, AppConfig[:cors_allow_origin] should specify a host name, rather than the permissive wildcard *.
Edit config/config.rb to include the below default configuration.
The default configuration is:
AppConfig[:cors_allow_origin] = '*'
AppConfig[:cors_endpoints] = [
'/version',
'/users/:id/login',
'/repositories/:repo_id/archival_objects/:id',
'/repositories/:repo_id/resources/:id',
'/repositories/:repo_id/search',
]This gives you sufficient permissions to log in, search, and get information about a specific resource or archival object.
Pull requests accepted!
- Mark Triggs
- Hillel Arnold
This code is released under the MIT License. See LICENSE.md for more information.