
[CORS] Cross Origin Resource Sharing

Nikita Bulai edited this page Nov 24, 2016 · 2 revisions

If you want to protect your API with OAuth2 but also want other applications running in a different context (like mobile applications) to make requests to it, then you need to set up Cross-Origin Resource Sharing (CORS) for your API. You can find more info about it on Wikipedia.

The most common solution for Rack-based applications is the rack-cors gem. It is a Rack middleware that sets the required HTTP headers for you, so that cross-domain requests can be made to your application.

Add rack-cors to your Gemfile:

gem 'rack-cors', require: 'rack/cors'

In your project's config.ru, configure Rack::Cors as follows:

require 'rack/cors'

# ...

use Rack::Cors do
  allow do
    origins '*'
    resource '*', headers: :any, methods: [:get, :post, :put, :delete, :options]
  end
end

And that is all you need! For any other CORS configuration, please read the gem docs.
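What "setting the required HTTP headers" amounts to, as an added example in plain Ruby with no gems (a simplified stand-in, not rack-cors code and not part of the original wiki page). It contrasts the wildcard `origins '*'` policy above, which answers every origin, with an exact-origin allow-list; `SimpleCors`, the sample API and `https://app.example.com` are assumptions.

```ruby
# Added example: simplified stand-in for a CORS middleware, not rack-cors itself.
class SimpleCors
  def initialize(app, origins:, methods:)
    @app = app
    @origins = origins # '*' or an array of exact origin strings
    @methods = methods.map { |m| m.to_s.upcase }.join(', ')
  end

  def call(env)
    cors = cors_headers(env['HTTP_ORIGIN'])
    # Preflight: the browser sends OPTIONS with Access-Control-Request-Method
    # before the real request; answer it without calling the API.
    if env['REQUEST_METHOD'] == 'OPTIONS' && env['HTTP_ACCESS_CONTROL_REQUEST_METHOD']
      requested = env['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']
      cors['Access-Control-Allow-Headers'] = requested if requested && !cors.empty?
      return [200, cors.merge('Content-Type' => 'text/plain'), []]
    end
    status, headers, body = @app.call(env)
    [status, headers.merge(cors), body]
  end

  private

  # No Origin header, or an origin outside the policy: emit no CORS headers,
  # so the browser refuses to hand the response to the calling page.
  def cors_headers(origin)
    wildcard = @origins == '*'
    return {} if origin.nil? || !(wildcard || @origins.include?(origin))
    headers = { 'Access-Control-Allow-Origin' => (wildcard ? '*' : origin),
                'Access-Control-Allow-Methods' => @methods }
    headers['Vary'] = 'Origin' unless wildcard # response differs per origin
    headers
  end
end

# Constructed sample app and origins (assumptions, not from the page).
API = ->(_env) { [200, { 'Content-Type' => 'application/json' }, ['{}']] }
METHODS = %i[get post put delete options].freeze
OPEN_POLICY = SimpleCors.new(API, origins: '*', methods: METHODS)
STRICT_POLICY = SimpleCors.new(API, origins: ['https://app.example.com'], methods: METHODS)

# Returns the Access-Control-Allow-Origin value a browser would see (nil if none).
def allow_origin(policy, origin, method = 'GET')
  policy.call({ 'REQUEST_METHOD' => method, 'HTTP_ORIGIN' => origin })[1]['Access-Control-Allow-Origin']
end

puts allow_origin(OPEN_POLICY, 'https://other.example').inspect
puts allow_origin(STRICT_POLICY, 'https://other.example').inspect
```
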
