DEV Community

RAHUL DHOLE
RAHUL DHOLE

Posted on

roadauth-rails api jwt cors 2024

cors.rb for rails api only roadauth authentication.

The most important is to not expose: ['authorization'] to receive the JWT token.

gem install rack-cors
Enter fullscreen mode Exit fullscreen mode
# cors.rb
Rails.application.config.middleware.insert_before 0, Rack::Cors do
  allow do
    # also update application.rb allowed_hosts
    origins ENV['ALLOWED_HOSTS']&.split(',') || ['localhost']

    resource "*",
      headers: :any,
      expose: ['authorization'],
      methods: [:get, :post, :put, :patch, :delete, :options, :head]
  end
end
Enter fullscreen mode Exit fullscreen mode

Top comments (0)