# config/initializers/cors.rb
Rails.application.config.middleware.insert_before 0, Rack::Cors do
allow do
origins '*'
resource '*',headers::any,methods:[:get,:post,:put,:patch,:delete,:options,:head],endend
复杂一些
Rails.application.config.middleware.insert_before 0, Rack::Cors do
allow do
origins 'localhost:3000','127.0.0.1:3000',/\Ahttp:\/\/192\.168\.0\.\d{1,3}(:\d+)?\z/# regular expressions can be used here
resource '/file/list_all/',:headers=>'x-domain-token'
resource '/file/at/*',methods:[:get,:post,:delete,:put,:patch,:options,:head],headers:'x-domain-token',expose:['Some-Custom-Response-Header'],max_age:600# headers to exposeend
allow do
origins '*'
resource '/public/*',headers::any,methods::get# Only allow a request for a specific host
resource '/api/v1/*',headers::any,methods::get,if: proc {|env| env['HTTP_HOST']=='api.example.com'}endend