Rails and cross origin resource sharing (CORS)

There are a number of posts out there on how to enable CORS requests in your rails apps. For information on CORS here’s a good writeup . I followed Tom’s blog and made the appropriate changes to routes, and my application controller. All was well in the world except with Devise. When a user would fail to authenticate, I’d get the 401 back but no other response data as described in this SO article. Basically, Warden was sending back the response before my CORS headers could be set. Then I found the wonderful Rack CORS middleware gem by Calvin Yu https://github.com/cyu/rack-cors which made is super-simple to configure CORS and be intercepted before Warden. Note, if you have trouble with the order the middleware are loaded, see this ticket from Jean Mertz https://github.com/nov/rack-oauth2/issues/18 where he specified the load order with

config.middleware.insert_before Warden::Manager, Rack::Cors

OSS is such a great place to work :)