Ember+Rails devs: what do you do for CORS/OPTIONS responses?

My apologies, I should have included

# cross origin policy rack middleware
gem 'rack-cors', require: 'rack/cors'

and here is what my cors initializer looks like

Rails.application.config.middleware.insert_before 0, "Rack::Cors", debug: true, logger: (-> { Rails.logger }) do
  allow do
    origins 'originoftheemberapp', 'anotheremberapporigin'

    resource '*',
      headers: :any,
      methods: [:get, :post, :delete, :put, :options, :head],
      credentials: true,
      max_age: 0

Let me know if that does it for you. I think I picked out the important bits but I maybe missing something. This is also assuming you’re not using cookies for auth. If you are then you need to also include

  crossDomain: true
    withCredentials: true <-- this bit

and I think you need this too but it maybe redundant

ApplicationAdapter = DS.ActiveModelAdapter.extend(
  corsWithCredentials: true <-- this bit

If you’re using devise cookie based sessions and ember-simple-auth this may also be interesting WARNING this is not the default way to use simple-auth and devise

1 Like