In this blog post, I'll show you how to fix that problem if your API is based on Ruby on Rails.
Add rack-cors to Your Gemfile
First, you'll need to add rack-cors to your Gemfile and run bundle install. Rack-cors is Rack middleware for handling Cross-Origin Resource Sharing (CORS), which makes cross-origin AJAX possible.
# Gemfile gem 'rack-cors', :require => 'rack/cors'
Configure Origins to Allow and Resources to Share
Next, open up your config/application.rb file and add the lines below:
# config/application.rb ... class Application < Rails::Application # Access-Control-Allow-Origin config.middleware.insert_before 0, Rack::Cors do allow do origins 'localhost:3000', /https*:\/\/.*?bloopist\.com/ resource '*', :headers => :any, :methods => :any end end end
The array that is passed to origins tells rack-cors from which domains to allow Cross-Origin Resource Sharing. This array can contain both strings and regular expressions. Notice that I'm allowing localhost (for development purposes) and all of the Bloopist domain. The Bloopist regular expression allows resource sharing to pages that are loaded through http or https on any subdomain of bloopist.com.
The arguments passed to
resource tell rack-cors what which paths to allow the domains passed to
origins to access. To allow access to all paths in your application, pass '*'. If you're making an API, then you probably want this to be something like '/api'
For more information on how to set up the origins and resources you're sharing with rack-cors, see the rack-cors documentation.
Was the information in this blog post helpful? Is there something that you think needs to be added? Let me know in the comments!
Photo by Beyond Coal & Gas Image Library