Enable CORS in Rails | Sajad Torkamani

On this page

Install `rack-cors` gem

Add to Gemfile:

gem 'rack-cors'

Run:

./bin/bundle install

Configure CORS policy

Edit config/initializers/cors.rb:

# frozen_string_literal: true
# Be sure to restart your server when you modify this file.

# Read more: https://github.com/cyu/rack-cors
Rails.application.config.middleware.insert_before 0, Rack::Cors do
  allow do
    origins Rails.application.config.frontend_url

    resource "*",
      headers: :any,
      methods: [:get, :post, :put, :patch, :delete, :options, :head]
  end
end

Edit config/environments/development.rb and config/environments/test.rb to allow access from all hosts when running in the development and test environments:

Rails.application.configure do
  # other config
  config.frontend_url = '*'
end

Edit config/environments/production.rb to restrict access to specific host in the production environment:

Rails.application.configure do
  # other config
  config.frontend_url = ENV.fetch('FRONTEND_URL')
end

You’ll want to set the FRONTEND_URL as an environment variable in your production server.

Restart your dev server to activate the new CORS policy.

Tagged: Rails

Install rack-cors gem

Configure CORS policy

Install `rack-cors` gem