If you've got to configure a public API, or integrate with another JavaScript app, CORS is something you will come across.

If you want a more configurable and standard way of doing this, then use the rack-cors gem.

Otherwise you can do it in a quick and dirty way using a before_filter. I'm going to put mine in the application controller so that it applies to the whole site; you may want to restrict it to specific controllers.


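# app/controllers/application_controller.rb
class ApplicationController < ActionController::Base
  # Runs before every action; on Rails 5.1+ this is spelled before_action.
  before_filter :apply_cors_policy

  private

  # Adds permissive CORS headers to every response from the app.
  def apply_cors_policy
    # '*' lets any origin read responses; browsers reject it for requests sent with credentials (cookies).
    headers['Access-Control-Allow-Origin'] = '*'
    # Methods and request headers a cross-origin caller is allowed to use.
    headers['Access-Control-Allow-Methods'] = 'POST, PUT, DELETE, GET, OPTIONS'
    headers['Access-Control-Allow-Headers'] = 'Origin, X-Requested-With, Content-Type, Accept, Authorization'
  end
end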
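
For a stricter policy than the wildcard above, the request's Origin can be checked against an allowlist and echoed back only on an exact match. This is an added example, not code from the original post or from rack-cors: a dependency-free Rack middleware in which the class name `AllowlistCors`, the helper `demo_response` and the origin `https://app.example.com` are assumptions for illustration.

```ruby
# Added example: origin-allowlist CORS as a plain Rack middleware (no gems).
# AllowlistCors, demo_response and the sample origin are hypothetical names.
class AllowlistCors
  ALLOW_METHODS = 'POST, PUT, DELETE, GET, OPTIONS'
  ALLOW_HEADERS = 'Origin, X-Requested-With, Content-Type, Accept, Authorization'

  def initialize(app, allowed_origins)
    @app = app
    @allowed = allowed_origins.map { |o| o.downcase.chomp('/') }
  end

  def call(env)
    cors = cors_headers(env['HTTP_ORIGIN'])

    # Preflight requests are answered here, so they never need a route.
    if env['REQUEST_METHOD'] == 'OPTIONS' && env['HTTP_ACCESS_CONTROL_REQUEST_METHOD']
      return [204, cors, []]
    end

    status, headers, body = @app.call(env)
    [status, headers.merge(cors), body]
  end

  private

  def cors_headers(origin)
    # Vary is always sent so a cache cannot replay one origin's answer to another.
    base = { 'Vary' => 'Origin' }
    # Exact string match only: no suffix or regex matching on the origin.
    return base unless origin && @allowed.include?(origin.downcase)

    base.merge(
      'Access-Control-Allow-Origin' => origin,
      'Access-Control-Allow-Methods' => ALLOW_METHODS,
      'Access-Control-Allow-Headers' => ALLOW_HEADERS
    )
  end
end

# Constructed demo: a stub downstream app and a sample request environment.
def demo_response(origin, method = 'GET', preflight = false)
  app = ->(_env) { [200, { 'Content-Type' => 'application/json' }, ['{}']] }
  env = { 'REQUEST_METHOD' => method }
  env['HTTP_ORIGIN'] = origin if origin
  env['HTTP_ACCESS_CONTROL_REQUEST_METHOD'] = 'PUT' if preflight
  AllowlistCors.new(app, ['https://app.example.com']).call(env)
end
```

In a Rails app a middleware like this would be registered with `config.middleware.insert_before 0, AllowlistCors, ['https://app.example.com']`.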

