abelorian · August 29, 2015 14:14
diff --git a/CORS with Rails Devise b/CORS with Rails Devise
 References:
 http://blog.carbonfive.com/2012/02/27/supporting-cross-domain-ajax-in-rails-using-jsonp-and-cors/
 https://github.com/cyu/rack-cors
 http://nelm.io/blog/2011/11/cors-with-sencha-touch/
 http://jessehowarth.com/2011/04/27/ajax-login-with-devise

 =============================================================================================================
 GEMFILE
 =============================================================================================================
 gem 'rack-cors', :require => 'rack/cors'

 =============================================================================================================
 config/application.rb
 =============================================================================================================
 # Ensure Rack::Cors to run before Warden::Manager used by Devise
 config.middleware.insert_before Warden::Manager, Rack::Cors do
  allow do
    origins '*'
    resource '*',
    :headers => :any,
    :methods => [:get, :post, :options]
  end
 end

 =============================================================================================================
 config.ru
 =============================================================================================================

 
 require 'rack/cors'
 use Rack::Cors do
 
  # allow all origins in development
  allow do
    origins '*'
    resource '*', 
        :headers => :any, 
        :methods => [:get, :post, :delete, :put, :options]
  end
 end

 =============================================================================================================
 config/initializers/devise.rb
 =============================================================================================================
 config.http_authenticatable_on_xhr = false
 config.navigational_formats = ["*/*", :html, :json]

 =============================================================================================================
 Custom Devise Sessions Controller: app/controllers/sessions_controller.rb
 =============================================================================================================
 class SessionsController < Devise::SessionsController
  
  def create
    if request.xhr?
      resource = warden.authenticate!(:scope => resource_name, :recall => "sessions#failure")
      return sign_in_and_redirect(resource_name, resource)
    else
      super
    end
  end
  
  def sign_in_and_redirect(resource_or_scope, resource=nil)
    scope = Devise::Mapping.find_scope!(resource_or_scope)
    resource ||= resource_or_scope
    sign_in(scope, resource) unless warden.user(scope) == resource
    return render :json => {:success => true, :redirect => stored_location_for(scope) ||     
    after_sign_in_path_for(resource)}
  end

  def failure
    return render:json => {:success => false, :errors => ["Login failed."]}
  end

 end

 =============================================================================================================
 Custom Devise Sessions Controller: config/routes.rb
 =============================================================================================================
 devise_for :users, :controllers => {:sessions => 'sessions'}
	References:
	http://blog.carbonfive.com/2012/02/27/supporting-cross-domain-ajax-in-rails-using-jsonp-and-cors/
	https://github.com/cyu/rack-cors
	http://nelm.io/blog/2011/11/cors-with-sencha-touch/
	http://jessehowarth.com/2011/04/27/ajax-login-with-devise

	=============================================================================================================
	GEMFILE
	=============================================================================================================
	gem 'rack-cors', :require => 'rack/cors'

	=============================================================================================================
	config/application.rb
	=============================================================================================================
	# Ensure Rack::Cors to run before Warden::Manager used by Devise
	config.middleware.insert_before Warden::Manager, Rack::Cors do
	allow do
	origins '*'
	resource '*',
	:headers => :any,
	:methods => [:get, :post, :options]
	end
	end

	=============================================================================================================
	config.ru
	=============================================================================================================


	require 'rack/cors'
	use Rack::Cors do

	# allow all origins in development
	allow do
	origins '*'
	resource '*',
	:headers => :any,
	:methods => [:get, :post, :delete, :put, :options]
	end
	end

	=============================================================================================================
	config/initializers/devise.rb
	=============================================================================================================
	config.http_authenticatable_on_xhr = false
	config.navigational_formats = ["/", :html, :json]

	=============================================================================================================
	Custom Devise Sessions Controller: app/controllers/sessions_controller.rb
	=============================================================================================================
	class SessionsController < Devise::SessionsController

	def create
	if request.xhr?
	resource = warden.authenticate!(:scope => resource_name, :recall => "sessions#failure")
	return sign_in_and_redirect(resource_name, resource)
	else
	super
	end
	end

	def sign_in_and_redirect(resource_or_scope, resource=nil)
	scope = Devise::Mapping.find_scope!(resource_or_scope)
	resource \|\|= resource_or_scope
	sign_in(scope, resource) unless warden.user(scope) == resource
	return render :json => {:success => true, :redirect => stored_location_for(scope) \|\|
	after_sign_in_path_for(resource)}
	end

	def failure
	return render:json => {:success => false, :errors => ["Login failed."]}
	end

	end

	=============================================================================================================
	Custom Devise Sessions Controller: config/routes.rb
	=============================================================================================================
	devise_for :users, :controllers => {:sessions => 'sessions'}