Rack Middleware for handling Cross-Origin Resource Sharing (CORS), which makes cross-origin AJAX possible.

Rack CORS Middleware

Rack::Cors provides support for Cross-Origin Resource Sharing (CORS) for Rack-compatible web applications. The CORS spec allows web applications to make cross-domain AJAX calls without using workarounds such as JSONP. For a thorough write-up on CORS, see this blog post:

Or for all the gory details, you can read the spec here:

Install the gem:

gem install rack-cors

In your Gemfile:

gem 'rack-cors', :require => 'rack/cors'


You configure Rack::Cors by passing a block to the use command:

use Rack::Cors do
  allow do
    origins 'localhost:3000'
            # regular expressions can be used here

    resource '/file/list_all/', :headers => 'x-domain-token'
    resource '/file/at/*',
        :methods => [:get, :post, :put, :delete, :options],
        :headers => 'x-domain-token',
        :expose  => ['Some-Custom-Response-Header'], # headers to expose
        :max_age => 600
  end

  allow do
    origins '*'
    resource '/public/*', :headers => :any, :methods => :get
  end
end
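
Because origins accepts regular expressions, a pattern is worth checking against sample Origin values before it goes into the configuration. The following is an added example, not part of the rack-cors README or code base: the helper names, patterns and hostnames are hypothetical, and it assumes a pattern is applied to the Origin value exactly as written.

```ruby
# Added example: checks patterns meant for `origins` against sample Origin values.
# Plain Ruby; it does not load or call rack-cors. All hostnames are constructed.

# Unanchored: matches anywhere inside the Origin value.
LOOSE = %r{https://app\.example\.test}
# ^ and $ anchor to a line in Ruby, not to the whole string.
LINE_ANCHORED = %r{^https://app\.example\.test(:\d+)?$}
# \A and \z anchor to the whole string: scheme, host and optional port only.
STRICT = %r{\Ahttps://app\.example\.test(:\d+)?\z}

# Hypothetical helper: true when any allowlist entry accepts `origin`.
# Strings must be equal; a Regexp is applied as written (assumption).
def origin_allowed?(allowlist, origin)
  allowlist.any? do |entry|
    entry.is_a?(Regexp) ? entry.match?(origin) : entry == origin
  end
end

# Hypothetical helper: sample origins a pattern accepts that are not intended.
def unexpected_matches(pattern, intended, samples)
  samples.select { |o| origin_allowed?([pattern], o) && !intended.include?(o) }
end

INTENDED = ['https://app.example.test', 'https://app.example.test:8443'].freeze
SAMPLES = (INTENDED + [
  'https://app.example.test.other.test',          # trusted name as a prefix
  "https://other.test\nhttps://app.example.test", # multi-line value
  'http://app.example.test'                       # wrong scheme
]).freeze

if __FILE__ == $PROGRAM_NAME
  { 'LOOSE' => LOOSE, 'LINE_ANCHORED' => LINE_ANCHORED, 'STRICT' => STRICT }.each do |name, re|
    puts "#{name}: #{unexpected_matches(re, INTENDED, SAMPLES).inspect}"
  end
end
```

Of the three patterns, only STRICT accepts both intended origins and nothing else from the sample list.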

In a Rails application, put the configuration in “config/application.rb”. For example, the following allows requests from any origin to any resource of your application, using the methods :get, :post and :options.

module YourApp
  class Application < Rails::Application

    # ...

    config.middleware.use Rack::Cors do
      allow do
        origins '*'
        resource '*', :headers => :any, :methods => [:get, :post, :options]
      end
    end
  end
end


See for more details on rack middlewares or
