First, this is a great rack application; I was thrilled to find it!
A minor thing that I ran into though:
The app won't work with our origin content://com.company.app (used by trigger.io among others). I solved it using a regular expression /content\:\/\/com\.skovik\.mobile/ which gets special treatment.
My suggestions for improvements:
- Look for :// to determine if a protocol is included; the current code checks specifically for file://, https:// and http:// and allows them through.
For reference, this is the code I'm using:
config.middleware.use Rack::Cors do
  resource '*', :headers => :any, :methods => [:get, :post, :put, :patch, :delete, :options]
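
The scheme check suggested in the post, sketched as an added example (not code from the post or from rack-cors), together with an anchored form of the origin pattern so it matches the whole `Origin` value. The helper names, the http/https expansion of bare hosts, and the sample origins are assumptions made for this illustration.

```ruby
# Added example; helper names are hypothetical, not rack-cors API.

# Any "<scheme>://" prefix counts as a protocol, instead of
# special-casing file://, http:// and https://.
SCHEME_RE = /\A[a-z][a-z0-9+.\-]*:\/\//i

def has_scheme?(origin)
  SCHEME_RE.match?(origin)
end

# Assumption for this sketch: a configured bare host such as
# "localhost:3000" stands for both web schemes; entries that already
# carry a scheme (or are regexes) are used as given.
def expand_origin(entry)
  return [entry] if entry.is_a?(Regexp) || has_scheme?(entry)
  ["http://#{entry}", "https://#{entry}"]
end

# True when the request's Origin header equals a string entry or
# matches a regex entry of the allowlist.
def origin_allowed?(origin, allowlist)
  allowlist.flat_map { |e| expand_origin(e) }.any? do |e|
    e.is_a?(Regexp) ? e.match?(origin) : e == origin
  end
end

# Pattern as quoted in the post: no anchors, so it matches anywhere
# inside the Origin value.
UNANCHORED = /content\:\/\/com\.skovik\.mobile/
# Same pattern pinned to the full string with \A and \z.
ANCHORED = /\Acontent:\/\/com\.skovik\.mobile\z/

# Constructed sample Origin values.
SAMPLE_ORIGINS = [
  "content://com.skovik.mobile",        # the intended app origin
  "content://com.skovik.mobile.other",  # longer authority, same prefix
  "https://localhost:3000"
].freeze

# Report, per sample origin, what each allowlist variant decides.
def compare_patterns
  SAMPLE_ORIGINS.map do |o|
    [o, origin_allowed?(o, [UNANCHORED]), origin_allowed?(o, [ANCHORED])]
  end
end

compare_patterns.each { |o, loose, strict| puts "#{o}: unanchored=#{loose} anchored=#{strict}" }
```

With a plain string entry such as `'content://com.company.app'`, the `://` check alone is enough and no regex is needed.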