Cross-Origin Resource Sharing (CORS)
Ruby Talks #7
Szubrycht Kamil
CORS flow
Text
Browsers support
- Chrome 3+
- Firefox 3.5+
- Opera 12+
- Safari 4+
- Internet Explorer 8+
Don't detect browser. Detect technology.
rack-cors
module YourApp
class Application < Rails::Application
# ...
config.middleware.insert_before 0, "Rack::Cors" do
allow do
origins '*' # or any domain
# origins 'localhost:3000'
resource '*', :headers => :any, :methods => [:get, :post, :options]
# resource '/public/*', :headers => 'x-domain-token', :methods => :get
end
end
end
end
RT#7: Cross-Origin Resource Sharing
By Kamil Szubrycht
