Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Rails API: CORS Headers
class ApplicationController < ActionController::API
before_action :set_origin
before_action :set_headers
private
def set_origin
@origin = request.headers['HTTP_ORIGIN']
end
def set_headers
if @origin
allowed = ['lvh.me', 'localhost', 'my-app.com']
allowed.each do |host|
if @origin.match /^https?:\/\/#{Regexp.escape(host)}/i
headers['Access-Control-Allow-Origin'] = @origin
break
end
end
# or '*' for public access
# headers['Access-Control-Allow-Origin'] = '*'
headers['Access-Control-Allow-Methods'] = 'GET, OPTIONS'
headers['Access-Control-Request-Method'] = '*'
headers['Access-Control-Allow-Headers'] = 'Content-Type'
end
end
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment