@kingcons
Last active November 5, 2015 14:52
Whooooops!
# CORS (Cross Origin Resource Sharing)
=begin
Y'all I completely forgot to mention this yesterday!
We've got to enable this for *other* websites to be able to make requests to our website,
similar to disabling the CSRF protection. With CSRF protection disabled but CORS not *enabled*,
other HTTP clients (like Postman and HTTParty and curl) can make requests to the server, but other
websites running in the browser (like frontend-team.divshot.com) cannot.
=end
## Add to your Gemfile and bundle
gem 'rack-cors'
## Add to the bottom of the file config.ru
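require 'rack/cors'
use Rack::Cors do
  allow do
    # '*' allows scripts on any website to call every path of this API.
    origins '*'
    resource '*',
      :headers => :any,
      # Response headers that cross-origin browser scripts are allowed to read.
      :expose => ['Access-Token', 'expiry', 'token-type', 'uid', 'client'],
      :methods => [:get, :post, :delete, :put, :patch, :options, :head]
  end
end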
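
The following is an added example, not part of the original gist and not rack-cors code: a dependency-free, Rack-style middleware showing why curl-like clients get a response either way while a browser only hands the response to a page whose origin the server echoes back. It goes one step beyond the gist by using an origin allowlist instead of `'*'`; `OriginAllowlist`, `browser_allows_read?`, `request_from` and the `https://` scheme on the frontend origin are assumptions made for illustration.

```ruby
require 'set'

# Origin named in the gist's comment; the https scheme is assumed.
ALLOWED_ORIGINS = Set['https://frontend-team.divshot.com'].freeze

# Hypothetical middleware: adds Access-Control-Allow-Origin only when the
# request's Origin header is on the allowlist. It never rejects a request,
# which is why CORS is not server-side access control.
class OriginAllowlist
  def initialize(app, allowed)
    @app = app
    @allowed = allowed
  end

  def call(env)
    status, headers, body = @app.call(env)
    # Vary: Origin keeps caches from serving one origin's answer to another.
    headers = headers.merge('vary' => 'Origin')
    origin = env['HTTP_ORIGIN']
    if origin && @allowed.include?(origin)
      headers['access-control-allow-origin'] = origin
    end
    [status, headers, body]
  end
end

# Simplified model of the browser-side check for a simple cross-origin GET:
# page script may read the response only if the header matches its origin
# or is the wildcard.
def browser_allows_read?(page_origin, headers)
  acao = headers['access-control-allow-origin']
  acao == '*' || acao == page_origin
end

# Constructed backend standing in for the API behind config.ru.
API = ->(_env) { [200, { 'content-type' => 'application/json' }, ['{"ok":true}']] }
APP = OriginAllowlist.new(API, ALLOWED_ORIGINS)

# Builds a minimal constructed Rack env; origin = nil models curl or Postman,
# which send no Origin header and ignore CORS response headers.
def request_from(origin)
  env = { 'REQUEST_METHOD' => 'GET', 'PATH_INFO' => '/' }
  env['HTTP_ORIGIN'] = origin if origin
  APP.call(env)
end
```

With rack-cors itself, the same restriction is expressed by passing the specific frontend origin to `origins` in place of `'*'`.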