Menu
I have written a small rails app to serve up content to another site via xmlhttprequests that will be operating from another domain (it will not be possible to get them running on the same server). I understand I will need to set access-control-allow-origin on my rails server to allow the requesting web page to access this material.
It seems fairly well documented how to do this with Apache and this is probably the server I will use once I deploy the site. While I am developing though I hope to just use webrick as I am used to doing with rails. Is there a way of configuring webrick to provide the appropriate http header within rails?
678
Access-Control-Allow-Origin is a CORS (Cross-Origin Resource Sharing) header. When Site A tries to fetch content from Site B, Site B can send an Access-Control-Allow-Origin response header to tell the browser that the content of this page is accessible to certain origins.
Rails 4 (http://edgeguides.rubyonrails.org/security.html#default-headers)
In config/application.rb:
config.action_dispatch.default_headers.merge!({ 'Access-Control-Allow-Origin' => '*', 'Access-Control-Request-Method' => '*' }) If you're on Rails 2 just add this to your application contoller.
before_filter :set_access def set_access @response.headers["Access-Control-Allow-Origin"] = "*" end Obviously changing "*" to something a little less open would be a good idea.
36
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
