Cross-Origin Resource Sharing (CORS)

Ruby Talks #7

Szubrycht Kamil

CORS flow

Text

Browsers support

  • Chrome 3+
  • Firefox 3.5+
  • Opera 12+
  • Safari 4+
  • Internet Explorer 8+

Don't detect browser. Detect technology.

rack-cors

module YourApp
  class Application < Rails::Application

    # ...

    config.middleware.insert_before 0, "Rack::Cors" do
      allow do
        origins '*' # or any domain
        # origins 'localhost:3000'
        resource '*', :headers => :any, :methods => [:get, :post, :options]
        # resource '/public/*', :headers => 'x-domain-token', :methods => :get
      end
    end

  end
end
Made with Slides.com