Skip to content
forked from cyu/rack-cors

Rack Middleware for handling Cross-Origin Resource Sharing (CORS), which makes cross-origin AJAX possible.

Notifications You must be signed in to change notification settings

dipspb/rack-cors

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Rack CORS Middleware

Rack::Cors provides support for Cross-Origin Resource Sharing (CORS) for Rack compatible web applications. The CORS spec allows web applications to make cross domain AJAX calls without using workarounds such as JSONP. For a thorough write up on CORS, see this blog post:

www.nczonline.net/blog/2010/05/25/cross-domain-ajax-with-cross-origin-resource-sharing/

Or for all the gory details, you can read the spec here:

www.w3.org/TR/access-control/#simple-cross-origin-request-and-actual-r

Install the gem:

gem install rack-cors

In your Gemfile:

gem 'rack-cors', :require => 'rack/cors'

Configuration

You configure Rack::Cors by passing a block to the use command:

use Rack::Cors do |cfg|
  cfg.allow do |allow|
    allow.origins 'localhost:3000', '127.0.0.1:3000',
                  /http:\/\/192\.168\.0\.\d{1,3}(:\d+)?/
                  # regular expressions can be used here

    allow.resource '/file/list_all/', :headers => 'x-domain-token'
    allow.resource '/file/at/*',
        :methods => [:get, :post, :put, :delete],
        :headers => 'x-domain-token',
        :expose => ['Some-Custom-Response-Header']
        # headers to expose
  end

  cfg.allow do |allow|
    allow.origins '*'
    allow.resource '/public/*', :headers => :any, :methods => :get
  end
end

About

Rack Middleware for handling Cross-Origin Resource Sharing (CORS), which makes cross-origin AJAX possible.

Resources

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Ruby 100.0%