If you want a more configurable and standard way of doing this, then use the gem
Otherwise you can do it in a quick and dirty way using a before_filter. Im going to put mine in the application controller to apply to the whole site, you may want to restrict this in specific controllers.
# app/controllers/application_controller.rb class ApplicationController < ActionController::Base before_filter :apply_cors_policy private def apply_cors_policy headers['Access-Control-Allow-Origin'] = '*' headers['Access-Control-Allow-Methods'] = 'POST, PUT, DELETE, GET, OPTIONS' headers['Access-Control-Request-Method'] = '*' headers['Access-Control-Allow-Headers'] = 'Origin, X-Requested-With, Content-Type, Accept, Authorization' end end
Related External Links: