jsomara · July 10, 2014 14:53
diff --git a/base_controller.rb b/base_controller.rb
 class Api::BaseController < ApplicationController
  before_filter :authenticate_user!, :except => [:options]
  before_filter :subscribed_user, :except => [:options]

 ...

  def options
    headers['Access-Control-Allow-Origin'] = '*'
    headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, DELETE, OPTIONS'
    headers['Access-Control-Max-Age'] = '1000'
    headers['Access-Control-Allow-Headers'] = 'X-Requested-With,Content-Type, Cache-Control, Accept, X-CSRF-Token, Authorization, X-XSRF-Token'

    render :json => "", :content_type => "application/json"
  end
 end
diff --git a/config slash application.rb b/config slash application.rb
  # CORS Configuration
    config.middleware.insert_before Warden::Manager, Rack::Cors do
      allow do
        origins '*'
        resource '*', :headers => :any, :methods => [:get, :post, :options, :delete, :put]
      end
    end
diff --git a/routes.rb b/routes.rb
    match "/*path" => "base#options", :via => :options
	class Api::BaseController < ApplicationController
	before_filter :authenticate_user!, :except => [:options]
	before_filter :subscribed_user, :except => [:options]

	...

	def options
	headers['Access-Control-Allow-Origin'] = '*'
	headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, DELETE, OPTIONS'
	headers['Access-Control-Max-Age'] = '1000'
	headers['Access-Control-Allow-Headers'] = 'X-Requested-With,Content-Type, Cache-Control, Accept, X-CSRF-Token, Authorization, X-XSRF-Token'

	render :json => "", :content_type => "application/json"
	end
	end
	# CORS Configuration
	config.middleware.insert_before Warden::Manager, Rack::Cors do
	allow do
	origins '*'
	resource '*', :headers => :any, :methods => [:get, :post, :options, :delete, :put]
	end
	end