jcsky/enviroments_production.rb

## enviroments_production.rb
# 原本的，會出現origin is not allowed by Access-Control-Allow-Origin 的錯誤
  config.middleware.insert_before 0, Rack::Cors do
    allow do
      origins /amazingtalker.com\z/
      resource '*',
        headers: ['AtToken', 'AtLocale'],
        methods: [:get, :post, :delete, :put, :patch, :options],
        credentials: true
    end
  end

# 後來改成這樣，還是會出現origin is not allowed by Access-Control-Allow-Origin 的錯誤
  config.middleware.insert_before 0, Rack::Cors do
    allow do
      origins 'https://tw.amazingtalker.com', /amazingtalker.com\z/, 'tw.amazingtalker.com', 'en.amazingtalker.com'
      resource '*',
        headers: ['AtToken', 'AtLocale'],
        methods: [:get, :post, :delete, :put, :patch, :options],
        credentials: true
    end
  end

## error_msg.txt
[Error] Failed to load resource: Origin https://tw.amazingtalker.com is not allowed by Access-Control-Allow-Origin. (sign_in, line 0)
[Error] XMLHttpRequest cannot load https://api.amazingtalker.com/v1/user/sign_in. Origin https://tw.amazingtalker.com is not allowed by Access-Control-Allow-Origin.
[Error] Unrecognized Content-Security-Policy directive ‘base-uri’.

## rails_log
# using gem 'rack-cors', :require => 'rack/cors'
# set debug: true, logger: Rails.logger

D, [2018-02-08T16:54:34.796915 #32523] DEBUG -- : Preflight Headers:
  Content-Type: text/plain
D, [2018-02-08T16:54:34.797322 #32501] DEBUG -- : Incoming Headers:
  Origin: http://tw.staging.amazingtalker.com
  Access-Control-Request-Method: GET
  Access-Control-Request-Headers: atlocale,attoken
D, [2018-02-08T16:54:34.797396 #32501] DEBUG -- : Preflight Headers:
  Content-Type: text/plain
D, [2018-02-08T16:54:34.797543 #32523] DEBUG -- : Incoming Headers:
  Origin: http://tw.staging.amazingtalker.com
  Access-Control-Request-Method: GET
  Access-Control-Request-Headers: atlocale,attoken
	# 原本的，會出現origin is not allowed by Access-Control-Allow-Origin 的錯誤
	config.middleware.insert_before 0, Rack::Cors do
	allow do
	origins /amazingtalker.com\z/
	resource '*',
	headers: ['AtToken', 'AtLocale'],
	methods: [:get, :post, :delete, :put, :patch, :options],
	credentials: true
	end
	end

	# 後來改成這樣，還是會出現origin is not allowed by Access-Control-Allow-Origin 的錯誤
	config.middleware.insert_before 0, Rack::Cors do
	allow do
	origins 'https://tw.amazingtalker.com', /amazingtalker.com\z/, 'tw.amazingtalker.com', 'en.amazingtalker.com'
	resource '*',
	headers: ['AtToken', 'AtLocale'],
	methods: [:get, :post, :delete, :put, :patch, :options],
	credentials: true
	end
	end
	[Error] Failed to load resource: Origin https://tw.amazingtalker.com is not allowed by Access-Control-Allow-Origin. (sign_in, line 0)
	[Error] XMLHttpRequest cannot load https://api.amazingtalker.com/v1/user/sign_in. Origin https://tw.amazingtalker.com is not allowed by Access-Control-Allow-Origin.
	[Error] Unrecognized Content-Security-Policy directive ‘base-uri’.
	# using gem 'rack-cors', :require => 'rack/cors'
	# set debug: true, logger: Rails.logger

	D, [2018-02-08T16:54:34.796915 #32523] DEBUG -- : Preflight Headers:
	Content-Type: text/plain
	D, [2018-02-08T16:54:34.797322 #32501] DEBUG -- : Incoming Headers:
	Origin: http://tw.staging.amazingtalker.com
	Access-Control-Request-Method: GET
	Access-Control-Request-Headers: atlocale,attoken
	D, [2018-02-08T16:54:34.797396 #32501] DEBUG -- : Preflight Headers:
	Content-Type: text/plain
	D, [2018-02-08T16:54:34.797543 #32523] DEBUG -- : Incoming Headers:
	Origin: http://tw.staging.amazingtalker.com
	Access-Control-Request-Method: GET
	Access-Control-Request-Headers: atlocale,attoken