How to send CORS headers with Devise if user not authorized (401 response)

Question

I am working on an app, where server and the api-consuming client reside under different domains, so I would like to use CORS. To do so, I have to set corresponding http hea

Answer 1

I successfully used the rack-cors gem https://github.com/cyu/rack-cors and outlined my experience on my blog.

Punchline: Specify middleware order so cors handler is before warden:

config.middleware.insert_before Warden::Manager, Rack::Cors