# Show HTTP OPTIONS for XHR2 / CORS requests
def options
  # Caveat: browsers refuse credentialed requests when Allow-Origin is '*';
  # a response that allows credentials must name the exact requesting origin.
  response.headers['Access-Control-Allow-Origin'] = '*'
  response.headers['Access-Control-Allow-Methods'] = 'POST, GET, PUT, DELETE, OPTIONS'
  response.headers['Access-Control-Allow-Credentials'] = 'true'
  response.headers['Access-Control-Max-Age'] = '86400' # 24 hours
  response.headers['Access-Control-Allow-Headers'] = 'X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept'
  # Empty body; 204 No Content answers the preflight.
  render :nothing => true, :status => 204
end

# Note: These headers must also be added to the actual GET / POST / PUT / DELETE responses
# or else the browser may report a failure where there was in fact a success.

# Create a session for non-logged in users which may be merged on login or remain anonymous, one-time use.
def create
  #TODO how to handle this in the case of internationalization
  # I chose not to put this in the db layer because this is shared with the user class
  guest ={:display_name=>'Guest'})
  guest_session =
  # sanitize the outbound hash now to keep it dry when we add xml and html support in addition to json
  hash = {:display_name => guest.display_name, :single_access_token => guest.single_access_token}
  respond_to do |format|
    # This works for client ACCEPT headers as well as .:format.
    # With a callback parameter this renders JSONP, which any page can load cross-origin via a script tag.
    format.json { render :json => hash, :callback => params[:callback] }
  end
end

# Log out
def destroy
  #TODO if the guest didn't leave an e-mail, delete the guest (regarding as spam)
  message = {:message => "Logout successful!", :errors => []}
  respond_to do |format|
    format.json { render :json => message, :callback => params[:callback] }
  end
end
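
The `options` action pairs a wildcard origin with `Access-Control-Allow-Credentials`, and its note says the same headers must go on the actual responses too. As an added example (not part of the original gist), this helper builds the headers for both the preflight and the actual response from an exact-match origin allowlist; the `cors_headers` name and the example.com origins are assumptions.

```ruby
require 'set'

# Constructed allowlist; these origins are placeholders for illustration.
ALLOWED_ORIGINS = Set['https://app.example.com', 'https://admin.example.com'].freeze

# Headers that only the OPTIONS preflight needs (values taken from the gist).
PREFLIGHT_HEADERS = {
  'Access-Control-Allow-Methods' => 'POST, GET, PUT, DELETE, OPTIONS',
  'Access-Control-Allow-Headers' => 'X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept',
  'Access-Control-Max-Age'       => '86400' # 24 hours
}.freeze

# Returns the CORS headers for one response.
# origin    - value of the request's Origin header (nil when absent)
# preflight - true for the OPTIONS preflight, false for the actual response
def cors_headers(origin, preflight: false, allowed: ALLOWED_ORIGINS)
  # The response varies with Origin, so shared caches must key on it.
  headers = { 'Vary' => 'Origin' }
  # Exact string match only, so look-alike hosts and the literal "null"
  # origin do not match and get no CORS headers at all.
  return headers unless origin && allowed.include?(origin)

  # Echo the vetted origin instead of '*'; browsers require this
  # whenever credentials are allowed.
  headers['Access-Control-Allow-Origin'] = origin
  headers['Access-Control-Allow-Credentials'] = 'true'
  headers.merge!(PREFLIGHT_HEADERS) if preflight
  headers
end

# Constructed requests: an allowed origin (preflight and actual response),
# a look-alike host, and a request with no Origin header.
if __FILE__ == $PROGRAM_NAME
  [['https://app.example.com', true],
   ['https://app.example.com', false],
   ['https://app.example.com.other.test', false],
   [nil, false]].each do |origin, preflight|
    puts "#{origin.inspect} preflight=#{preflight} -> #{cors_headers(origin, preflight: preflight)}"
  end
end
```

In a Rails controller the returned hash can be merged into `response.headers` from a filter that runs for every action, which covers the preflight and the actual responses in one place.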