Rails Responds with 404 on CORS Preflight Options Request
Here's a solution with the rack-cors gem, which you said you tried. As others have mentioned, you didn't give much detail in regards to which front-end framework you're using and what the actual request looks like. So the following may not apply to you, but I hope it helps someone.
In my case, the gem worked fine until I used PUT (or PATCH or DELETE).
If you look in your browser developer console, look at the request headers, and you should have a line like this:
Access-Control-Request-Method: PUT
The important thing to note is that the methods you pass to resource are for the Access-Control-Request-Method, not the Request Method that is to come after the pre-flight check.
Note how I have :methods => [:get, :post, :options, :delete, :put, :patch] that will include all the methods I care about.
Thus your entire config section should look something like this, for development.rb:
# This handles cross-origin resource sharing.
# See: https://github.com/cyu/rack-cors
config.middleware.insert_before 0, "Rack::Cors" do
allow do
# In development, we don't care about the origin.
origins '*'
# Reminder: On the following line, the 'methods' refer to the 'Access-
# Control-Request-Method', not the normal Request Method.
resource '*', :headers => :any, :methods => [:get, :post, :options, :delete, :put, :patch], credentials: true
end
end
Working on Rails 3.2.11.
I put
match '*path', :controller => 'application', :action => 'handle_options_request', :constraints => {:method => 'OPTIONS'}
in my routes.rb file. The key was to put it as top priority (on top of the routes.rb file). Created that action so that it is publicly available:
def handle_options_request
head(:ok) if request.request_method == "OPTIONS"
end
And a filter in application controller:
after_filter :set_access_control_headers
def set_access_control_headers
headers['Access-Control-Allow-Origin'] = '*'
headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, DELETE'
end