madeinfree · May 8, 2016 16:11
diff --git a/api-example-controller.rb b/api-example-controller.rb
 class Api::BaseController < ActionController::API
  respond_to :json
  # before_action :set_origin
  # before_action :set_headers
  before_filter :set_cors_header
  after_filter :cors_set_access_control_headers

  def cors_set_access_control_headers
    headers['Access-Control-Allow-Origin'] = '*'
    headers['Access-Control-Allow-Methods'] = 'POST, PUT, DELETE, GET, OPTIONS'
    headers['Access-Control-Request-Method'] = '*'
    headers['Access-Control-Allow-Headers'] = 'Origin, X-Requested-With, Content-Type, Accept, Authorization'
  end

  def set_cors_header
    headers['Access-Control-Allow-Origin'] = '*'
    headers['Access-Control-Allow-Methods'] = 'POST, PUT, DELETE, GET, OPTIONS'
    headers['Access-Control-Request-Method'] = '*'
    headers['Access-Control-Allow-Headers'] = 'Origin, X-Requested-With, Content-Typee, Accept, Authorization'
  end

  private

  def set_origin
    @origin = request.headers['HTTP_ORIGIN']
  end

  def set_headers
    if @origin
      # allowed = ['lvh.me', 'localhost:8081', 'my-app.com']
      # allowed.each do |host|
        # if @origin.match /^https?:\/\/#{Regexp.escape(host)}/i
      headers['Access-Control-Allow-Origin'] = '*'
          # break
        # end
      # end
      # or '*' for public access
      # headers['Access-Control-Allow-Origin'] = '*'
      headers['Access-Control-Allow-Methods'] = 'POST, PUT, DELETE, GET, OPTIONS'
      headers['Access-Control-Request-Method'] = '*'
      headers['Access-Control-Allow-Headers'] = 'Origin, X-Requested-With, Content-Typee, Accept, Authorization'
    end
  end
 end
	class Api::BaseController < ActionController::API
	respond_to :json
	# before_action :set_origin
	# before_action :set_headers
	before_filter :set_cors_header
	after_filter :cors_set_access_control_headers

	def cors_set_access_control_headers
	headers['Access-Control-Allow-Origin'] = '*'
	headers['Access-Control-Allow-Methods'] = 'POST, PUT, DELETE, GET, OPTIONS'
	headers['Access-Control-Request-Method'] = '*'
	headers['Access-Control-Allow-Headers'] = 'Origin, X-Requested-With, Content-Type, Accept, Authorization'
	end

	def set_cors_header
	headers['Access-Control-Allow-Origin'] = '*'
	headers['Access-Control-Allow-Methods'] = 'POST, PUT, DELETE, GET, OPTIONS'
	headers['Access-Control-Request-Method'] = '*'
	headers['Access-Control-Allow-Headers'] = 'Origin, X-Requested-With, Content-Typee, Accept, Authorization'
	end

	private

	def set_origin
	@origin = request.headers['HTTP_ORIGIN']
	end

	def set_headers
	if @origin
	# allowed = ['lvh.me', 'localhost:8081', 'my-app.com']
	# allowed.each do \|host\|
	# if @origin.match /^https?:\/\/#{Regexp.escape(host)}/i
	headers['Access-Control-Allow-Origin'] = '*'
	# break
	# end
	# end
	# or '*' for public access
	# headers['Access-Control-Allow-Origin'] = '*'
	headers['Access-Control-Allow-Methods'] = 'POST, PUT, DELETE, GET, OPTIONS'
	headers['Access-Control-Request-Method'] = '*'
	headers['Access-Control-Allow-Headers'] = 'Origin, X-Requested-With, Content-Typee, Accept, Authorization'
	end
	end
	end