Marco Aviles

Reputation: 5596

CORS definition in Sinatra

I'm building a simple app using Ruby and Sinatra and was looking for a sample CORS config, and I found this:

before do
  headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, DELETE, OPTIONS'
  headers['Access-Control-Allow-Origin'] = '*'
  headers['Access-Control-Allow-Headers'] = 'Accept, Authorization, Origin'
end

options '*' do
  response.headers['Allow'] = 'HEAD, GET, PUT, DELETE, OPTIONS, POST'
  response.headers['Access-Control-Allow-Headers'] = 'X-Requested-With, X-HTTP-Method-Override, Content-Type, Cache-Control, Accept'
end

It works correctly, but I wanted to go into more detail. The Access-Control-Allow-Headers in the options block are different from the ones in the before block. I was wondering if they refer to the options itself or have a reason behind them? I'm not sure if they should be the same.

Upvotes: 2

Views: 291

Answers (1)

Andy

Reputation: 5414

The options block mainly serves as a preflight request. It tells the client what headers/methods are allowed before making the actual HTTP request.

As for the before block, I believe you only need to set the Allow Origin, unless you use a different configuration for different endpoints.

Upvotes: 4
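
To see what a browser receives for a preflight with the question's configuration, here is an added example (not part of the question or the answer) in plain Ruby without Sinatra: it replays the header assignments of the two blocks in order and applies a simplified version of the browser's preflight check. The helper names and sample requests are assumptions made for illustration; wildcard values and the Content-Type value restrictions are not modelled.

```ruby
# Added example: models the question's two blocks as plain Hash writes and
# applies a simplified browser preflight check. Helper names are hypothetical.

# Headers on an OPTIONS response: Sinatra runs the `before` filter first,
# then the `options '*'` route, which writes to the same response headers.
def preflight_response_headers
  h = {}
  # before block
  h['Access-Control-Allow-Methods'] = 'GET, POST, PUT, DELETE, OPTIONS'
  h['Access-Control-Allow-Origin']  = '*'
  h['Access-Control-Allow-Headers'] = 'Accept, Authorization, Origin'
  # options '*' block: the second assignment replaces the first
  h['Allow'] = 'HEAD, GET, PUT, DELETE, OPTIONS, POST'
  h['Access-Control-Allow-Headers'] =
    'X-Requested-With, X-HTTP-Method-Override, Content-Type, Cache-Control, Accept'
  h
end

# Methods and header names a browser sends cross-origin without asking first.
SAFELISTED_METHODS = %w[GET HEAD POST].freeze
SAFELISTED_HEADERS = %w[accept accept-language content-language].freeze

def split_list(value)
  value.to_s.split(',').map(&:strip).reject(&:empty?)
end

# Returns the names the preflight response does not cover (empty = allowed).
# Method names compare case-sensitively, header names case-insensitively.
def preflight_rejections(resp, method:, request_headers:)
  allowed_methods = split_list(resp['Access-Control-Allow-Methods'])
  allowed_headers = split_list(resp['Access-Control-Allow-Headers']).map(&:downcase)
  rejected = []
  rejected << method unless SAFELISTED_METHODS.include?(method) || allowed_methods.include?(method)
  request_headers.each do |name|
    n = name.downcase
    rejected << name unless SAFELISTED_HEADERS.include?(n) || allowed_headers.include?(n)
  end
  rejected
end

if __FILE__ == $PROGRAM_NAME
  resp = preflight_response_headers
  # Constructed sample requests
  p preflight_rejections(resp, method: 'PUT', request_headers: %w[Content-Type])
  p preflight_rejections(resp, method: 'GET', request_headers: %w[Authorization])
end
```

The `Authorization` entry from the `before` block never reaches the preflight response, so a cross-origin request carrying that header would be refused by the browser until it is added to the list in the `options` block.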
