Heroku, Rails 4, and Rack::Cors

Question

I am trying to use Rack::Cors with my Rails 4 application so that I can do a JSON based API.

CORS is in my Gemfile like this:

gem \'rack-cors\', :req         


        

Answer 1

I was having a similar problem, I could not read Location header from the response in angularjs, even though I could see it in chrome's dev tools. I had the Rack::Cors set like this:

config.middleware.insert_before "ActionDispatch::Static", "Rack::Cors" do
    allow do
        origins '*'
        resource '*',
            headers: :any,
            methods: [:get, :post, :delete, :put, :patch, :options, :head],
            max_age: 0
        end
    end

The solution for me was to add the location to the :expose option, and after that I could see it in angularjs:

config.middleware.insert_before "ActionDispatch::Static", "Rack::Cors" do
    allow do
        origins '*'
        resource '*',
            headers: :any,
            methods: [:get, :post, :delete, :put, :patch, :options, :head],
            max_age: 0,
            expose: :location
        end
    end

Answer 2

Ok thanks to Jason I was able to figure out the root cause for me. I had the Cisco AnyConnect VPN client installed and it was blocking CORS requests.

You can find out more here: http://www.bennadel.com/blog/2559-Cisco-AnyConnect-VPN-Client-May-Block-CORS-AJAX-OPTIONS-Requests.htm

Uninstalling it all of a sudden allowed everything to work!

Answer 3

It looks like the issue is being caused by my machine or the network I am on. I SSHed into a hosting environment I use and used the curl command above and it worked.

Additional Note Here is something else that just happened that I thought I ought to add to this. My AJAX request was not to the https URL for my Heroku app, but Heroku was translating it be https. This was causing an additional cross-origin issue. Switching to use https for the AJAX request fixed this.

Answer 4

Try

config.middleware.insert_before ActionDispatch::Static, Rack::Cors do
  # ...
end

Answer 5

I ran into the same problem with heroku. I found this blog with the same rack-cors issue.

Just moved the use Rack::Cors to config.ru, redeployed to heroku and it works.

require ::File.expand_path('../config/environment',  __FILE__)
run Rails.application

require 'rack/cors'
use Rack::Cors do

  # allow all origins in development
  allow do
    origins '*'
    resource '*', 
        :headers => :any, 
        :methods => [:get, :post, :delete, :put, :options]
  end
end

Answer 6

If you are using Rails 6:

First go to your Gemfile and uncomment gem 'rack-cors'. Then run bundle install

After that go to config/initializers folder. There, you should find a file called cors.rb.

Uncomment the code that looks like this

Rails.application.config.middleware.insert_before 0, Rack::Cors do
  allow do
    origins 'example.com'

    resource '*',
      headers: :any,
      methods: [:get, :post, :put, :patch, :delete, :options, :head]
  end
end

change the line that says origins 'example.com' to origin '*' or if you're request will be originating from a particular origin, then set it accordingly.

This worked for me. Hope it works for you as well. Cheers