Rack::Cors provides support for Cross-Origin Resource Sharing (CORS) for Rack compatible web applications. The CORS spec allows web applications to make cross domain AJAX calls without using workarounds such as JSONP. For a thorough write up on CORS, see this blog post:
www.nczonline.net/blog/2010/05/25/cross-domain-ajax-with-cross-origin-resource-sharing/
Or for all the gory details, you can read the spec here:
www.w3.org/TR/access-control/#simple-cross-origin-request-and-actual-r
Install the gem:
gem install rack-cors
In your Gemfile:
gem 'rack-cors', :require => 'rack/cors'
You configure Rack::Cors by passing a block to the use command:
use Rack::Cors do allow do origins 'localhost:3000', '127.0.0.1:3000', /http:\/\/192\.168\.0\.\d{1,3}(:\d+)?/ # regular expressions can be used here resource '/file/list_all/', :headers => 'x-domain-token' resource '/file/at/*', :methods => [:get, :post, :put, :delete, :options], :headers => 'x-domain-token', :expose => ['Some-Custom-Response-Header'] # headers to expose end allow do origins '*' resource '/public/*', :headers => :any, :methods => :get end end
Put your code in “config/application.rb” on your rails application. For example, this will allow from any origins on any resource of your application, methods :get, :post and :options.
module YourApp
class Application < Rails::Application
# ...
config.middleware.use Rack::Cors do
allow do
origins '*'
resource '*', :headers => :any, :methods => [:get, :post, :options]
end
end
end
See guides.rubyonrails.org/rails_on_rack.html for more details on rack middlewares or railscasts.com/episodes/151-rack-middleware.