From f57218f429333b7c66152d684b9c496c43c1258b Mon Sep 17 00:00:00 2001
From: Nuwan Chathuranga <nuwanchaturanga@gmail.com>
Date: Thu, 22 Jul 2021 17:19:40 +0530
Subject: [PATCH] enable CORS on web - allowing to connect by client app

---
 web/Gemfile.alt                          |  2 ++
 web/config/application.rb                |  2 ++
 web/config/environments/development.rb   |  4 ++++
 web/config/initializers/cors.rb          | 10 ++++++++++
 web/config/initializers/session_store.rb |  3 ++-
 5 files changed, 20 insertions(+), 1 deletion(-)
 create mode 100644 web/config/initializers/cors.rb

diff --git a/web/Gemfile.alt b/web/Gemfile.alt
index 5f5c068a7..e182929c7 100644
--- a/web/Gemfile.alt
+++ b/web/Gemfile.alt
@@ -157,6 +157,8 @@ gem 'elasticsearch'
 
 gem 'logging', '1.7.2'
 
+gem 'rack-cors'
+
 
 if ENV['FASTER_PATH'] == '1'
   # https://github.com/danielpclark/faster_path
diff --git a/web/config/application.rb b/web/config/application.rb
index 0165c6ee5..e0d3b1cbe 100644
--- a/web/config/application.rb
+++ b/web/config/application.rb
@@ -512,5 +512,7 @@ if defined?(Bundler)
       config.latency_data_host = "http://localhost:4001"
       config.latency_data_host_auth_code = "c2VydmVyOnBhc3N3b3Jk"
       config.manual_override_installer_ends_with = "JamKazam-1.0.3776.dmg"
+      config.spa_origin = "http://beta.jamkazam.local:3000"
+      config.session_cookie_domain = ".jamkazam.local"
   end
 end
diff --git a/web/config/environments/development.rb b/web/config/environments/development.rb
index f63373c8a..3a024394b 100644
--- a/web/config/environments/development.rb
+++ b/web/config/environments/development.rb
@@ -116,4 +116,8 @@ SampleApp::Application.configure do
   config.use_video_conferencing_server = true
   config.latency_data_host = "http://localhost:4001/local"
   config.latency_data_host_auth_code = "c2VydmVyOnBhc3N3b3Jk"
+
+  config.spa_origin = "http://beta.jamkazam.local:3000"
+
+  config.session_cookie_domain = ".jamkazam.local"
 end
diff --git a/web/config/initializers/cors.rb b/web/config/initializers/cors.rb
new file mode 100644
index 000000000..6c699a8d7
--- /dev/null
+++ b/web/config/initializers/cors.rb
@@ -0,0 +1,10 @@
+Rails.application.config.middleware.insert_before 0, Rack::Cors do
+  allow do
+    origins Rails.configuration.spa_origin
+
+    resource '*',
+      headers: :any,
+      methods: [:get, :post, :options],
+      credentials: true
+  end
+end
\ No newline at end of file
diff --git a/web/config/initializers/session_store.rb b/web/config/initializers/session_store.rb
index 323e244f6..24c925469 100644
--- a/web/config/initializers/session_store.rb
+++ b/web/config/initializers/session_store.rb
@@ -1,6 +1,7 @@
 # Be sure to restart your server when you modify this file.
 
-SampleApp::Application.config.session_store :cookie_store, key: '_jamkazam_session'
+domain = Rails.env.production? ? ".jamkazam.com" : ".jamkazam.local"
+SampleApp::Application.config.session_store :cookie_store, key: '_jamkazam_session', domain: domain
 
 # Use the database for sessions instead of the cookie-based default,
 # which shouldn't be used to store highly confidential information