From abb20c89ad6496da84ca935e55e1748feacbc2cd Mon Sep 17 00:00:00 2001
From: Thibault Jouan <tj@a13.fr>
Date: Sun, 3 May 2015 19:52:29 +0000
Subject: [PATCH 1/3] Prevent JSON filter usage for CORS API requests

---
 app/controllers/api/application_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/controllers/api/application_controller.rb b/app/controllers/api/application_controller.rb
index eeb7509..19b96a3 100644
--- a/app/controllers/api/application_controller.rb
+++ b/app/controllers/api/application_controller.rb
@@ -6,7 +6,7 @@ module API
     skip_before_filter :authenticate!, only: :cor_preflight
 
     before_filter :cor_filter
-    before_filter :json_filter!
+    before_filter :json_filter!, except: :cor_preflight
 
     def not_found
       head :not_found

From eb62ab96ff003f12a1749793782946c63f2fe56f Mon Sep 17 00:00:00 2001
From: Thibault Jouan <tj@a13.fr>
Date: Sun, 3 May 2015 20:14:08 +0000
Subject: [PATCH 2/3] Improve status code expectation in json UAT helper

---
 spec/support/acceptance_helpers.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/spec/support/acceptance_helpers.rb b/spec/support/acceptance_helpers.rb
index 8ba6bc4..52fe785 100644
--- a/spec/support/acceptance_helpers.rb
+++ b/spec/support/acceptance_helpers.rb
@@ -40,8 +40,8 @@ module AcceptanceHelpers
     end
   end
 
-  def json
-    expect(response).to be_success
+  def json status = 200
+    expect(response.status).to be status
     JSON.parse(response.body, symbolize_names: true)
   end
 end

From db7de0c03866cc3bca9b094a8aeda2e5d2b5c6f5 Mon Sep 17 00:00:00 2001
From: Thibault Jouan <tj@a13.fr>
Date: Sun, 3 May 2015 20:15:48 +0000
Subject: [PATCH 3/3] Accept JSON requests more liberally in API

---
 app/controllers/api/application_controller.rb | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/app/controllers/api/application_controller.rb b/app/controllers/api/application_controller.rb
index 19b96a3..2961396 100644
--- a/app/controllers/api/application_controller.rb
+++ b/app/controllers/api/application_controller.rb
@@ -37,8 +37,11 @@ module API
     end
 
     def json_filter!
-      return if request.format.json?
-      head :not_acceptable, content_type: 'application/json'
+      if request.format.json? || request.accepts.include?(:json)
+        request.format = :json
+      else
+        head :not_acceptable, content_type: 'application/json'
+      end
     end
   end
 end