ckozus · March 25, 2013 14:08
diff --git a/requests_controller.rb b/requests_controller.rb
 class RequestsController < ApplicationController
  def create
   if access_allowed?
      set_access_control_headers
      head :created
    else
      head :forbidden
    end
  end

  def options
    if access_allowed?
      set_access_control_headers
      head :ok
    else
      head :forbidden
    end
  end

  private
  def set_access_control_headers
      headers['Access-Control-Allow-Origin'] =  request.env['HTTP_ORIGIN'] # '*'
      headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'
      headers['Access-Control-Max-Age'] = '1000'
      headers['Access-Control-Allow-Headers'] =  'Content-Type' #'*, X-Requested-With' #'*, Origin, Content-Type, Accept, X-Requested-With, X-CSRF-Token' #'Authorization'
      headers['Content-Type'] = 'text/plain'
      headers['Access-Control-Allow-credentials'] = 'true'
    end
 end
diff --git a/routes.rb b/routes.rb
  match  '*request', :controller => 'requests', :action => 'options', :constraints => {:method => 'OPTIONS', :format => 'json'}
	class RequestsController < ApplicationController
	def create
	if access_allowed?
	set_access_control_headers
	head :created
	else
	head :forbidden
	end
	end

	def options
	if access_allowed?
	set_access_control_headers
	head :ok
	else
	head :forbidden
	end
	end

	private
	def set_access_control_headers
	headers['Access-Control-Allow-Origin'] = request.env['HTTP_ORIGIN'] # '*'
	headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'
	headers['Access-Control-Max-Age'] = '1000'
	headers['Access-Control-Allow-Headers'] = 'Content-Type' #', X-Requested-With' #', Origin, Content-Type, Accept, X-Requested-With, X-CSRF-Token' #'Authorization'
	headers['Content-Type'] = 'text/plain'
	headers['Access-Control-Allow-credentials'] = 'true'
	end
	end
	match '*request', :controller => 'requests', :action => 'options', :constraints => {:method => 'OPTIONS', :format => 'json'}