Never worry about CORS again
MIT License
Use this if you don't care about CORS problems and never want to see them again.
Don't use this if you have more complex CORS policies.
CORS is a bitch. It's annoying when you just want to develop your application. You need to GET/POST/PUT/DELETE to some api in a browser but it's stopping you. Drop this rack middleware into your stack and make that it work.
Access-Control-Accept-Origin: *
.Access-Control-Request-Method
forAccess-Control-Allow-Method
for preflight requests.Access-Control-Request-Headers
forAccess-Control-Allow-Headers
for preflight requests.Access-Control-Expose-Headers
.Access-Control-Accept-Headers
.Access-Control-Accept-Origin: *
to simple requests.CORS preflight requests are sent as OPTIONS requests to whatever URL the
request will made to. Browsers add Access-Control-Request-Method
and
Access-Control-Request-Headers
to these requests. The middleware short
circuit these reqeusts to return the CORS response. So be warned: If
your application accepts OPTIONS
for routing then you should not use
this code.
Add this line to your application's Gemfile:
gem 'manifold'
And then execute:
$ bundle
Or install it yourself as:
$ gem install manifold
# config.ru
require 'manifold'
Manifold.expose += %w(X-Custom-Header)
use Manifold::Middleware
run MyApp
Manifold integrates cleanly with Rails. It inserts it's middleware at
the top of the stack and exposes it's configuration through
Rails.config
. Manifold also add exposes headers added by Rails for
CORS.
# application.rb
config.manifold.accept += %w(X-Custom-Input-Header) # add custom headers you need
config.manifold.expose += %(X-Custom-Output-Header)
git checkout -b my-new-feature
)git commit -am 'Added some feature'
)git push origin my-new-feature
)