ruby on rails - Unable to set 'Access-Control-Allow-Origin' for Spree API -
every time i'm trying set 'access-control-allow-origin' header spree commerce api, no header being passed ajax calls.
i'm extending base_controller.rb:
file: app/controllers/spree/api/base_controller_decorator.rb
after_filter :set_access_control_headers def set_access_control_headers headers['access-control-allow-origin'] = '*' headers['access-control-request-method'] = '*' end
the header added requests every time view json directly browser. however, no header visible when making ajax calls...
can explain me how this? there workaround issue?
you don't need in application controller, rather need gem:
add gem 'rack-cors', :require => 'rack/cors'
gemfile, bundle install
in config/application.rb
configure rack-cors accept requests origin. belongs anywhere inside application class.
config.middleware.insert_before 0, "rack::cors" allow origins '*' resource '*', :headers => :any, :methods => [:get, :post, :options] end end
origins '*'
indicates allowing requests domain. if want restrict specific domain (i.e. internally open api, keep closed external users), change '*'
specific domain name.
see https://github.com/cyu/rack-cors more details
Comments
Post a Comment