How to set access-control-allow-origin in webrick under rails?

ruby-on-rails ajax cors xmlhttprequest webrick
brad picture brad · Mar 29, 2010 · Viewed 28.5k times · Source

I have written a small rails app to serve up content to another site via xmlhttprequests that will be operating from another domain (it will not be possible to get them running on the same server). I understand I will need to set access-control-allow-origin on my rails server to allow the requesting web page to access this material.

It seems fairly well documented how to do this with Apache and this is probably the server I will use once I deploy the site. While I am developing though I hope to just use webrick as I am used to doing with rails. Is there a way of configuring webrick to provide the appropriate http header within rails?

Answer

Jared Fine picture Jared Fine · Jul 23, 2013

Rails 4 (http://edgeguides.rubyonrails.org/security.html#default-headers)

In config/application.rb:

config.action_dispatch.default_headers.merge!({
  'Access-Control-Allow-Origin' => '*',
  'Access-Control-Request-Method' => '*'
})

Related questions

Allow CORS in Ruby on Rails

In my config/application.rb file, I have this code, config.action_dispatch.default_headers = { 'Access-Control-Allow-Origin' => '*', 'Access-Control-Request-Method' => 'GET, PATCH, PUT, POST, OPTIONS, DELETE' } But that does not allow me to send a post request to a …

Read More
Rails detect if request was AJAX

In my action I wish to only respond with processing if it was called from an AJAX request. How do I check? I want to do something like this: def action @model = Model.find(params[:id]) respond_to do |format| …

Read More
POST 422 (Unprocessable Entity) in Rails? Due to the routes or the controller?

I'm trying to give users on my website "points" or "credits" for tweeting about out the brand name. I have the fancy twitter widget on the appropriate view... <p><a href="https://twitter.com/share" class="twitter-share-button" …

Read More