Use same CORS policy for /@:username and /users/:username (mastodon#9485)

ClearlyClaire · hiyuki2578 · commit 2c4a3190bb3b · 2019-10-02T10:02:09.000+09:00
Fixes mastodon#8189 rack-cors being called before the application router, it does not follow the redirection, and we need a separate rule for /users/:username.
diff --git a/config/initializers/cors.rb b/config/initializers/cors.rb
@@ -17,6 +17,10 @@
       headers: :any,
       methods: [:get],
       credentials: false
+    resource '/users/:username',
+      headers: :any,
+      methods: [:get],
+      credentials: false
     resource '/api/*',
       headers: :any,
       methods: [:post, :put, :delete, :get, :patch, :options],
