CORS with rails api 5

Question

I'm trying to send a post method using jquery

  jQuery.ajax({
      headers: { 'Authorization': "Token token=123546" },
      url: "https://paycar-public-api.herokuapp.com/api/v1/users", 
      type: "POST",
      processData: false,
      contentType: 'application/json',
      data:  
          JSON.stringify({
          email: "mikew75+123@gmail.com",

        })
  });

I get

Failed to load https://paycar-public-api.herokuapp.com/api/v1/users: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://app.instapage.com' is therefore not allowed access. The response had HTTP status code 500.

my application.rb looks like this :

class Application < Rails::Application
# Settings in config/environments/* take precedence over those specified here.
# Application configuration should go into files in config/initializers
# -- all .rb files in that directory are automatically loaded.

# Only loads a smaller set of middleware suitable for API only apps.
# Middleware like session, flash, cookies can be added back manually.
# Skip views, helpers and assets when generating a new resource.
config.api_only = true

# CORS
config.middleware.insert_before 0, "Rack::Cors" do
      allow do
        origins '*'
        resource '*', :headers => :any, :methods => [:get, :post, :options]
      end
    end
end

the API is hosted with heroku

I'm not sure I understand why it's not working, any help would be greatly appreciated.

Answer 1

Mike,

Checkout this gem to see if it helps you get around the issue: https://github.com/cyu/rack-cors

To learn more about why it's occurring you can check out some of the previously answered questions:

How does Access-Control-Allow-Origin header work?

Answer 2

Actually, it was a simple mistake with my rails setup. it was in staging and the configuration was buggy.