Rails and cross origin resource sharing (CORS)
16 Oct 2012There are a number of posts out there on how to enable CORS requests in your rails apps. For information on CORS here’s a good writeup . I followed Tom’s blog and made the appropriate changes to routes, and my application controller. All was well in the world except with Devise. When a user would fail to authenticate, I’d get the 401 back but no other response data as described in this SO article. Basically, Warden was sending back the response before my CORS headers could be set. Then I found the wonderful Rack CORS middleware gem by Calvin Yu https://github.com/cyu/rack-cors which made is super-simple to configure CORS and be intercepted before Warden. Note, if you have trouble with the order the middleware are loaded, see this ticket from Jean Mertz https://github.com/nov/rack-oauth2/issues/18 where he specified the load order with
config.middleware.insert_before Warden::Manager, Rack::Cors
OSS is such a great place to work :)