CORS headers in Rails stack ?
When working with API it’s important to set up CORS headers to support Web Client (Browser) requests.
Common solution for most of Rails developers is to create
with custom headers.
Well that’s WRONG.
What you should do instead is to setup CORS at the (Rack)[http://rack.github.io] middleware level before your Rails routes. Routes only accessible after HTTP OPTIONS method succeeded on the web client.
Rack Cors is helpful if you don’t want to write your own middleware.
make sure that you serve CORS at the top of the stack or at least before middleware you need (in my case I had
“The proper way” of handling Cross-origin is to set it up at the Nginx level. So your Rails app is only busy with serving API.
Make use of add_header in the
if all your server does is serving API)