-
-
Save dhoelzgen/cd7126b8652229d32eb4 to your computer and use it in GitHub Desktop.
class API::V1::BaseController < ApplicationController | |
skip_before_filter :verify_authenticity_token | |
before_filter :cors_preflight_check | |
after_filter :cors_set_access_control_headers | |
def cors_set_access_control_headers | |
headers['Access-Control-Allow-Origin'] = '*' | |
headers['Access-Control-Allow-Methods'] = 'POST, GET, PUT, DELETE, OPTIONS' | |
headers['Access-Control-Allow-Headers'] = 'Origin, Content-Type, Accept, Authorization, Token' | |
headers['Access-Control-Max-Age'] = "1728000" | |
end | |
def cors_preflight_check | |
if request.method == 'OPTIONS' | |
headers['Access-Control-Allow-Origin'] = '*' | |
headers['Access-Control-Allow-Methods'] = 'POST, GET, PUT, DELETE, OPTIONS' | |
headers['Access-Control-Allow-Headers'] = 'X-Requested-With, X-Prototype-Version, Token' | |
headers['Access-Control-Max-Age'] = '1728000' | |
render :text => '', :content_type => 'text/plain' | |
end | |
end | |
end |
Rails.application.routes.draw do | |
namespace :api, :defaults => {:format => :json} do | |
namespace :v1 do | |
controller :whatever, path: '/whatever' do | |
match 'post_action', via: [ :post, :options] | |
end | |
end | |
end | |
end |
class API::V1::WhateverController < API::V1::BaseController | |
def upload | |
# Do complicated super secret stuff | |
render json: { success: true } | |
end | |
end |
How can you do this with the assets pipeline?
Thank you very much for posting this.
It worked perfectly for me.
Just in case someone stumbles upon this gist, here's a more brief solution to the problem.
-
Tell rails (rack) what to do with
OPTIONS
requests:Append this simple line to the end of your
routes.rb
file:match '*path', via: [:options], to: lambda {|_| [204, {'Content-Type' => 'text/plain'}, []]}
What does it do? It will handle
OPTIONS
requests on all of your routes, responding with no content and the appropriateAccess-Control
headers. The response is rendered on rack level, so you won't have to think about this on higher levels (e.g. controllers). -
Add the headers you need via
rack-cors
:You can insert this snippet in
environments/development.rb
.config.middleware.insert_before 0, 'Rack::Cors', logger: (-> { Rails.logger }) do allow do origins 'localhost:3000' resource '*', headers: :any, methods: [:get, :post, :delete, :put, :patch, :options, :head], max_age: 0 end end
That's it really.
Awesome! thanks.
@npetkov - thank you very much!
@npetkov - 👍
@npetkov - thanks! For the first part I added this to routes and it got everything working:
Rails.application.routes.draw do
...
match '*path', via: [:options], to: lambda {|_| [204, {'Access-Control-Allow-Headers' => "Origin, Content-Type, Accept, Authorization, Token", 'Access-Control-Allow-Origin' => "*", 'Content-Type' => 'text/plain'}, []]}
end
That solved the problem. What is the second part for
Thanks a lot @npetkov
And thank you @davidcotter too
I opened an issue for that rails/rails#27655
Thanks
I get a Rack lint error when trying to pass any headers with a 204.
Nice, you made my day ^^
Wow, thank you so much! This helped me over the hurdle testing my ionic app. I know I have some tweaking to get this dialed in just right but this was immensely helpful!