allow headers to be removed

2014-02-20 10:23:41 -05:00 · 2014-02-20 10:23:41 -05:00 · b8f2410d5f
commit b8f2410d5f
parent 4cb1c95793
2 changed files with 26 additions and 19 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -5,6 +5,7 @@ class ApplicationController < ActionController::Base
  helper_method :current_user_session, :current_user, :logged_in?, :is_admin?, :get_header_value, :to_bytes
  protect_from_forgery
  before_filter :allow_cross_domain_access, :set_variables
  after_filter :remove_headers
  # responds with blank
  def respond_with_blank
@ -53,6 +54,11 @@ class ApplicationController < ActionController::Base
  private
    # remove headers if necessary
    def remove_headers
      response.headers.delete_if {|key| true} if params[:headers] == 'false'
    end
    # allow javascript requests from any domain
    def allow_cross_domain_access
      response.headers['Access-Control-Allow-Origin'] = '*'
--- a/app/controllers/plugins_controller.rb
+++ b/app/controllers/plugins_controller.rb
@ -6,7 +6,7 @@ class PluginsController < ApplicationController
  def check_permission
    @plugin = Plugin.find(params[:id])
    if @plugin.user_id != current_user.id
-      render :text=> "#{t(:permission)} #{t(:plugin)}", :layout => true
+      render :text=> "#{t(:permission)} #{t(:plugin)}", :layout => true and return
      return true
    end
    return false
@ -159,3 +159,4 @@ class PluginsController < ApplicationController
    redirect_to plugins_path
  end
 end