ruby on rails - Unable to set 'Access-Control-Allow-Origin' for Spree API -


every time i'm trying set 'access-control-allow-origin' header spree commerce api, no header being passed ajax calls.

i'm extending base_controller.rb:

file: app/controllers/spree/api/base_controller_decorator.rb

after_filter :set_access_control_headers  def set_access_control_headers   headers['access-control-allow-origin'] = '*'   headers['access-control-request-method'] = '*' end 

the header added requests every time view json directly browser. however, no header visible when making ajax calls...

can explain me how this? there workaround issue?

you don't need in application controller, rather need gem:

add gem 'rack-cors', :require => 'rack/cors' gemfile, bundle install

in config/application.rb configure rack-cors accept requests origin. belongs anywhere inside application class.

config.middleware.insert_before 0, "rack::cors"   allow     origins '*'     resource '*', :headers => :any, :methods => [:get, :post, :options]   end end 

origins '*' indicates allowing requests domain. if want restrict specific domain (i.e. internally open api, keep closed external users), change '*' specific domain name.

see https://github.com/cyu/rack-cors more details


Comments

Popular posts from this blog

Payment information shows nothing in one page checkout page magento -

tcpdump - How to check if server received packet (acknowledged) -