Skip to content

Instantly share code, notes, and snippets.

@wiserfirst

wiserfirst/base_controller.rb

Forked from dhoelzgen/base_controller.rb
Last active December 9, 2015 04:53
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save wiserfirst/db902e58ccd756ccc019 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save wiserfirst/db902e58ccd756ccc019 to your computer and use it in GitHub Desktop.
Download ZIP
CORS in Rails 4 APIs
Raw
base_controller.rb
class Api::BaseController < ActionController::Base
protect_from_forgery with: :null_session
before_action :authenticate, :except => [:preflight_check]
after_action :cors_set_access_control_headers
def preflight_check
if request.method == 'OPTIONS'
render :text => '', :content_type => 'text/plain'
end
end
private
def authenticate
# implement your authentication method
raise 'You need to implement authenticate()'
end
def cors_set_access_control_headers
headers['Access-Control-Allow-Origin'] = '*'
headers['Access-Control-Allow-Methods'] = 'POST, PATCH, DELETE, OPTIONS'
headers['Access-Control-Allow-Headers'] = 'Origin, X-Requested-With, X-Prototype-Version, Token'
headers['Access-Control-Max-Age'] = '1728000'
end
end
Raw
routes.rb
Rails.application.routes.draw do
namespace :api, :defaults => {:format => :json} do
resources :whatever, :another
# for the preflight request
match "*path" => "base#preflight_check", via: [:options]
end
end
Raw
whatever_controller.rb
class Api::WhateverController < Api::BaseController
def upload
# Do complicated super secret stuff
render json: { success: true }
end
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment