Cross Origin Requests (CORS)
If your API and client live on different domains, you will need to configure your Rails API to allow cross origin requests. The rack-cors gem can be used to accomplish this.
The following dangerous example will allow cross domain requests from any domain. Make sure to whitelist only the needed domains.
Example rack-cors configuration:
Make extra sure that the Access-Control-Expose-Headers includes access-token, expiry, token-type, uid, and client (as is set in the example above by the :expose param). If your client experiences erroneous 401 responses, this is likely the cause.
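A rack-cors initializer restricted to an explicit origin allowlist, while still exposing the five token headers listed above. This is an added example, not code from the original page or the project. The CORS_ALLOWED_ORIGINS variable name, the helper names, and the list of HTTP methods are assumptions.

```ruby
# config/initializers/cors.rb -- added example, not the project's own code.
# Assumes rack-cors is in the Gemfile; CORS_ALLOWED_ORIGINS is a hypothetical
# env var holding a comma-separated list of exact client origins.

# Auth headers the browser client must be allowed to read from responses.
TOKEN_HEADERS = %w[access-token expiry token-type uid client].freeze

# scheme://host[:port] only: no wildcard, path, or trailing slash.
EXACT_ORIGIN = %r{\Ahttps?://[a-z0-9]([a-z0-9.-]*[a-z0-9])?(:\d{1,5})?\z}i

# Turn the raw setting into a list of exact origins, raising on anything else
# so a stray "*" fails at boot instead of silently opening the API.
def allowed_origins(raw)
  raw.to_s.split(',').map(&:strip).reject(&:empty?).each do |origin|
    raise ArgumentError, "not an exact origin: #{origin.inspect}" unless origin.match?(EXACT_ORIGIN)
  end
end

# Build the block handed to Rack::Cors. An empty list registers no allowed
# origin, so a missing setting does not fall back to allowing everyone.
def cors_policy(origin_list)
  proc do
    allow do
      origins(*origin_list)
      resource '*',
               headers: :any,
               expose: TOKEN_HEADERS, # sent as Access-Control-Expose-Headers
               methods: %i[get post put patch delete options] # assumed verb set
    end
  end
end

# Install the middleware only when loaded inside a Rails app with rack-cors.
if defined?(Rails) && defined?(Rack::Cors)
  Rails.application.config.middleware.insert_before(
    0, Rack::Cors, &cors_policy(allowed_origins(ENV['CORS_ALLOWED_ORIGINS']))
  )
end
```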
CORS may not be possible with older browsers (IE8, IE9). I usually set up a proxy for those browsers. See the ng-token-auth readme or the jToker readme for more information.