Skip to content


Can this be used to serve static assets? #12

moxiemachine opened this Issue · 6 comments

5 participants


Firefox and IE refuse to load webfonts if they're not loaded from the same domain the request came from. I'm attempting to use this gem to set the proper headers so they will accept the files.

Can this gem set access origin headers for assets in the /public directory of a Rails app?


I am wondering the same question. I have been testing it, and it doesn't seem to allow it.


You may need to set :credentials to false, if you are using a cdn and the cache populating request does not include the Origin header then the cdn will not have the cors headers. This may be a bug in rack-cors where public_resources that do not require credentials should send the cors headers even if no Origin is in the request.
(FYI Chrome does not seem to send the Origin header)


I see. Thanks for the message. I have found another gem that allows sending headers on different resources.

cyu commented

It looks like all you have to do is make sure Rack::Cors middleware is defined before ActionDispatch::Static:

# config/application.rb

config.middleware.insert_before "ActionDispatch::Static", "Rack::Cors" do
  allow do
    origins '*'
    resource '*',
      :headers => :any,
      :methods => [:get, :post, :delete, :put, :options],
      :max_age => 0
@cyu cyu closed this

I'm getting the same problem with Rails 4. I wonder if this is still applicable? Not seeing any headers being set at the moment.

cyu commented

What kind of stack are you running (unicorn, passenger, etc)? Also, what is the output of rake middleware and your Cors configuration?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.