{"id":3532,"date":"2021-04-24T08:52:00","date_gmt":"2021-04-24T08:52:00","guid":{"rendered":"http:\/\/the-codest.localhost\/blog\/rails-api-cors-a-dash-of-consciousness\/"},"modified":"2026-04-24T11:43:55","modified_gmt":"2026-04-24T11:43:55","slug":"rails-api-cors-medvetandegorande","status":"publish","type":"post","link":"https:\/\/thecodest.co\/sv\/blog\/rails-api-cors-dash-of-consciousness\/","title":{"rendered":"Rails API &amp; CORS. A dash of consciousness"},"content":{"rendered":"\n<p>The proposed code was always close to the one below:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"ruby\" class=\"language-ruby\"># config\/initializers\/cors.rb\n\nRails.application.config.middleware.insert_before 0, Rack::Cors do\n  allow do\n    origins '*'\n    resource '*', headers: :any, methods: :any\n  end\nend<\/code><\/pre>\n\n\n\n<p>and, unfortunately, these texts hardly explained to us what to actually do in production.<\/p>\n\n\n\n<p>I\u2019m pretty OK with copy-pasting (<em>I sometimes joke that companies could hire a Stack Overflow copy-paster<\/em>), as long as there\u2019s a \u201cthink and adjust\u201d moment between \u201ccopy\u201d and \u201cpaste\u201d. So, I\u2019d like to elaborate a little bit on what we\u2019re doing here and how it works in real life.<\/p>\n\n\n\n<p>I hope you don\u2019t mind me starting with a short introduction to honor the theory and then moving on to the Rails examples.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Introduction<\/h2>\n\n\n\n<p>Let\u2019s start from the beginning. To explain things better, I\u2019ve split the introduction into three parts. 
The first part outlines what an origin is \u2013 the key term for what we are discussing here. The second is a short description of SOP. And the last part covers <code>CORS<\/code> itself.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What is an origin?<\/h2>\n\n\n\n<p>According to the MDN Web Docs:<\/p>\n\n\n\n<p>&#8211; Web content&#8217;s origin is defined by the scheme (protocol), host (domain), and port of the URL used to access it. Two objects have the same origin only when the scheme, host, and port all match (<a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Glossary\/Origin\">source<\/a>)<\/p>\n\n\n\n<p>That seems pretty clear, doesn\u2019t it? Let\u2019s analyze two examples from MDN, just in case.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><code>http:\/\/example.com\/app1\/index.html<\/code>, <code>http:\/\/example.com\/app2\/index.html<\/code><\/li>\n<\/ol>\n\n\n\n<p>The two above have the same origin because:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>their schemes (http) are the same,<\/li>\n\n\n\n<li>their domains (example.com) are the same,<\/li>\n\n\n\n<li>their ports (implicit) are the same.<\/li>\n<\/ul>\n\n\n\n<ol class=\"wp-block-list\" start=\"2\">\n<li><code>http:\/\/www.example.com<\/code>, <code>http:\/\/myapp.example.com<\/code><\/li>\n<\/ol>\n\n\n\n<p>These two have different origins because the domains (<code>www.example.com<\/code>, <code>myapp.example.com<\/code>) are different.<\/p>\n\n\n\n<p>I hope it\u2019s clear enough. 
If not, please go to the MDN Web Docs for more examples.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What is SOP?<\/h2>\n\n\n\n<p>MDN Web Docs say (<a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/Security\/Same-origin_policy\">source<\/a>):<\/p>\n\n\n\n<p>&#8211; The same-origin policy is a critical security mechanism that restricts how a document or script loaded from one origin can interact with a resource from another origin. It helps isolate potentially malicious documents, reducing possible attack vectors.<\/p>\n\n\n\n<p>&#8211; Cross-origin writes are typically allowed. Examples are links, redirects, and form submissions.<\/p>\n\n\n\n<p>&#8211; Cross-origin embedding is typically allowed.<\/p>\n\n\n\n<p>&#8211; Cross-origin reads are typically disallowed, but read access is often leaked by embedding.<br>Use <code>CORS<\/code> to allow cross-origin access<\/p>\n\n\n\n<p>Well, as you can see, there is a lot about cross-origin behavior in the definitions of SOP. That\u2019s OK. All we need to know for now is that the same origin has more privileges and that we can loosen the rules for cross-origin requests by using CORS. This is where the next section comes in.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What is CORS?<\/h2>\n\n\n\n<p>Based on MDN\u2019s words:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><em>Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate any other origins (domain, scheme, or port) than its own from which a browser should permit loading of resources. CORS also relies on a mechanism by which browsers make a \u201cpreflight\u201d request to the server hosting the cross-origin resource, in order to check that the server will permit the actual request. 
In that preflight, the browser sends headers that indicate the HTTP method and headers that will be used in the actual request<\/em> (<a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/CORS\">source<\/a>).<\/li>\n<\/ul>\n\n\n\n<p>That\u2019s still not enough. What was not said there explicitly is that the most important header when using <code>CORS<\/code> is <code>Access-Control-Allow-Origin<\/code>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The <code>Access-Control-Allow-Origin<\/code> response header indicates whether the response can be shared with requesting code from the given origin (<a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Headers\/Access-Control-Allow-Origin\">source<\/a>).<\/li>\n<\/ul>\n\n\n\n<p>Well, that should be it. In real life, when configuring <code>CORS<\/code>, we typically configure the <code>ACAO<\/code> header first.<\/p>\n\n\n\n<h1 class=\"wp-block-heading\">Real Life<\/h1>\n\n\n\n<p>That\u2019s it when it comes to definitions. Let\u2019s circle back to Rails and real-life examples.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How to configure CORS in Rails?<\/h2>\n\n\n\n<p>We will definitely use rack-cors (like we were told to). 
Let\u2019s recall the first snippet, the one that is most often provided in other articles:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"ruby\" class=\"language-ruby\"># config\/initializers\/cors.rb\n\nRails.application.config.middleware.insert_before 0, Rack::Cors do\n  allow do\n    origins '*'\n    resource '*', headers: :any, methods: :any\n  end\nend<\/code><\/pre>\n\n\n\n<p>The number of options is vast or even infinite, but let\u2019s consider these two:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>we\u2019re building an API that third-party browser clients are allowed to use,<\/li>\n\n\n\n<li>we have a typical frontend\/backend separation and want to allow our trusted clients to access the API.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Building an API accessed by third-party clients<\/h3>\n\n\n\n<p>If you\u2019re facing the first option, you probably could go with <code>origins '*'<\/code> \u2013 you want others to build a client on top of your API, and don\u2019t know who they are, right?<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Typical frontend\/backend separation<\/h3>\n\n\n\n<p>If you are developing the latter, you probably don\u2019t want everyone to make cross-origin requests to your API. 
Rather, you want to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>allow production clients to access the production API,<\/li>\n\n\n\n<li>same for staging,<\/li>\n\n\n\n<li>same for localhost,<\/li>\n\n\n\n<li>you may want to allow FE review apps to access staging.<\/li>\n<\/ul>\n\n\n\n<p>We will still be using rack-cors (like we were told to) \u2013 but our way.<\/p>\n\n\n\n<p>Let\u2019s use two ENV variables: <code>ALLOWED_ORIGINS<\/code> for literal origin definitions (an asterisk or actual URL) and <code>ALLOWED_ORIGIN_REGEXPS<\/code> for the patterns.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"ruby\" class=\"language-ruby\"># frozen_string_literal: true\n\n# config\/initializers\/cors.rb\n\n# Patterns arrive as strings and must become Regexp instances.\n# rack-cors matches a Regexp origin as given, so anchor each pattern\n# (\\A ... \\z) in the ENV value to keep it from matching a longer origin.\nto_regexp = ->(string) { Regexp.new(string) }\n\n# ENV.fetch raises KeyError when a variable is unset, so a missing\n# setting fails at boot instead of silently allowing nothing or everything.\nhosts = [\n  *ENV.fetch('ALLOWED_ORIGINS').split(','),\n  *ENV.fetch('ALLOWED_ORIGIN_REGEXPS').split(';').map(&amp;to_regexp)\n]\n\nRails.application.config.middleware.insert_before 0, Rack::Cors do\n  allow do\n    origins(*hosts)\n\n    resource '*',\n             methods: %i[get post put patch delete options head],\n             headers: :any\n  end\nend<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">What\u2019s going on here?<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>As you can see, we\u2019re splitting the values defined in ENV variables with different separators. 
That\u2019s because a semicolon is less likely to appear in a pattern that defines a URL.<\/li>\n\n\n\n<li>Literal values are ready for use, but we have to map the patterns to actual Regexp instances.<\/li>\n\n\n\n<li>Then, we\u2019re joining everything together and allowing these hosts to access any resource with the whitelisted methods our API uses.<\/li>\n<\/ol>\n\n\n\n<p>This should give you enough flexibility to define proper values in your development, staging and production environments.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusions<\/h2>\n\n\n\n<p>Let\u2019s sum up all of the above in key points:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>use ENV variables to configure <code>CORS<\/code>,<\/li>\n\n\n\n<li>use regular expressions to allow different origins to access the staging API (e.g., for review apps),<\/li>\n\n\n\n<li>always put \u201cthink and adjust\u201d between \u201ccopy\u201d and \u201cpaste\u201d.<\/li>\n<\/ul>\n\n\n\n<p>That\u2019s it. Have a nice day! \ud83d\ude42<\/p>\n","protected":false},"excerpt":{"rendered":"<p>For an experienced developer, this text may not be surprising at all, but I think that plenty of articles I\u2019ve read about the CORS setup in Rails were saying something like: use rack-cors, allow any host to access the API, and (optionally): you should consider something different (than allowing any host) in 
production.<\/p>","protected":false},"author":2,"featured_media":3533,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[8],"tags":[],"class_list":["post-3532","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-software-development"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Rails API &amp; CORS. A dash of consciousness - The Codest<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/thecodest.co\/sv\/blogg\/rails-api-cors-medvetandegorande\/\" \/>\n<meta property=\"og:locale\" content=\"sv_SE\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Rails API &amp; CORS. 
A dash of consciousness\" \/>\n<meta property=\"og:description\" content=\"For an experienced developer, this text may not be surprising at all, but I think that plenty of articles I\u2019ve read about the CORS setup in Rails were saying something like: use rack-cors, allow any host to access the API, and (optionally): you should consider something different (than allowing any host) in production.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/thecodest.co\/sv\/blogg\/rails-api-cors-medvetandegorande\/\" \/>\n<meta property=\"og:site_name\" content=\"The Codest\" \/>\n<meta property=\"article:published_time\" content=\"2021-04-24T08:52:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-24T11:43:55+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/thecodest.co\/app\/uploads\/2024\/05\/rails-api-and-cors.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"720\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"thecodest\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"thecodest\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minuter\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/rails-api-cors-dash-of-consciousness\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/rails-api-cors-dash-of-consciousness\\\/\"},\"author\":{\"name\":\"thecodest\",\"@id\":\"https:\\\/\\\/thecodest.co\\\/#\\\/schema\\\/person\\\/7e3fe41dfa4f4e41a7baad4c6e0d4f76\"},\"headline\":\"Rails API &#038; CORS. 
A dash of consciousness\",\"datePublished\":\"2021-04-24T08:52:00+00:00\",\"dateModified\":\"2026-04-24T11:43:55+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/rails-api-cors-dash-of-consciousness\\\/\"},\"wordCount\":942,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/thecodest.co\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/rails-api-cors-dash-of-consciousness\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/thecodest.co\\\/app\\\/uploads\\\/2024\\\/05\\\/rails-api-and-cors.png\",\"articleSection\":[\"Software Development\"],\"inLanguage\":\"sv-SE\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/thecodest.co\\\/blog\\\/rails-api-cors-dash-of-consciousness\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/rails-api-cors-dash-of-consciousness\\\/\",\"url\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/rails-api-cors-dash-of-consciousness\\\/\",\"name\":\"Rails API & CORS. 
A dash of consciousness - The Codest\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/thecodest.co\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/rails-api-cors-dash-of-consciousness\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/rails-api-cors-dash-of-consciousness\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/thecodest.co\\\/app\\\/uploads\\\/2024\\\/05\\\/rails-api-and-cors.png\",\"datePublished\":\"2021-04-24T08:52:00+00:00\",\"dateModified\":\"2026-04-24T11:43:55+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/rails-api-cors-dash-of-consciousness\\\/#breadcrumb\"},\"inLanguage\":\"sv-SE\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/thecodest.co\\\/blog\\\/rails-api-cors-dash-of-consciousness\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"sv-SE\",\"@id\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/rails-api-cors-dash-of-consciousness\\\/#primaryimage\",\"url\":\"https:\\\/\\\/thecodest.co\\\/app\\\/uploads\\\/2024\\\/05\\\/rails-api-and-cors.png\",\"contentUrl\":\"https:\\\/\\\/thecodest.co\\\/app\\\/uploads\\\/2024\\\/05\\\/rails-api-and-cors.png\",\"width\":1280,\"height\":720},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/rails-api-cors-dash-of-consciousness\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/thecodest.co\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Rails API &#038; CORS. 
A dash of consciousness\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/thecodest.co\\\/#website\",\"url\":\"https:\\\/\\\/thecodest.co\\\/\",\"name\":\"The Codest\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/thecodest.co\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/thecodest.co\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"sv-SE\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/thecodest.co\\\/#organization\",\"name\":\"The Codest\",\"url\":\"https:\\\/\\\/thecodest.co\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"sv-SE\",\"@id\":\"https:\\\/\\\/thecodest.co\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/thecodest.co\\\/app\\\/uploads\\\/2024\\\/03\\\/thecodest-logo.svg\",\"contentUrl\":\"https:\\\/\\\/thecodest.co\\\/app\\\/uploads\\\/2024\\\/03\\\/thecodest-logo.svg\",\"width\":144,\"height\":36,\"caption\":\"The 
Codest\"},\"image\":{\"@id\":\"https:\\\/\\\/thecodest.co\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/pl.linkedin.com\\\/company\\\/codest\",\"https:\\\/\\\/clutch.co\\\/profile\\\/codest\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/thecodest.co\\\/#\\\/schema\\\/person\\\/7e3fe41dfa4f4e41a7baad4c6e0d4f76\",\"name\":\"thecodest\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"sv-SE\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5dbfe6a1e8c86e432e8812759e34e6fe82ebac75119ae3237a6c1311fa19caf4?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5dbfe6a1e8c86e432e8812759e34e6fe82ebac75119ae3237a6c1311fa19caf4?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5dbfe6a1e8c86e432e8812759e34e6fe82ebac75119ae3237a6c1311fa19caf4?s=96&d=mm&r=g\",\"caption\":\"thecodest\"},\"url\":\"https:\\\/\\\/thecodest.co\\\/sv\\\/author\\\/thecodest\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Rails API &amp; CORS. Ett st\u00e4nk av medvetenhet - The Codest","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/thecodest.co\/sv\/blogg\/rails-api-cors-medvetandegorande\/","og_locale":"sv_SE","og_type":"article","og_title":"Rails API & CORS. 
A dash of consciousness","og_description":"For an experienced developer, this text may not be surprising at all, but I think that plenty of articles I\u2019ve read about the CORS setup in Rails were saying something like: use rack-cors, allow any host to access the API, and (optionally): you should consider something different (than allowing any host) in production.","og_url":"https:\/\/thecodest.co\/sv\/blogg\/rails-api-cors-medvetandegorande\/","og_site_name":"The Codest","article_published_time":"2021-04-24T08:52:00+00:00","article_modified_time":"2026-04-24T11:43:55+00:00","og_image":[{"width":1280,"height":720,"url":"https:\/\/thecodest.co\/app\/uploads\/2024\/05\/rails-api-and-cors.png","type":"image\/png"}],"author":"thecodest","twitter_card":"summary_large_image","twitter_misc":{"Written by":"thecodest","Est. reading time":"5 minuter"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/thecodest.co\/blog\/rails-api-cors-dash-of-consciousness\/#article","isPartOf":{"@id":"https:\/\/thecodest.co\/blog\/rails-api-cors-dash-of-consciousness\/"},"author":{"name":"thecodest","@id":"https:\/\/thecodest.co\/#\/schema\/person\/7e3fe41dfa4f4e41a7baad4c6e0d4f76"},"headline":"Rails API &#038; CORS. 
A dash of consciousness","datePublished":"2021-04-24T08:52:00+00:00","dateModified":"2026-04-24T11:43:55+00:00","mainEntityOfPage":{"@id":"https:\/\/thecodest.co\/blog\/rails-api-cors-dash-of-consciousness\/"},"wordCount":942,"commentCount":0,"publisher":{"@id":"https:\/\/thecodest.co\/#organization"},"image":{"@id":"https:\/\/thecodest.co\/blog\/rails-api-cors-dash-of-consciousness\/#primaryimage"},"thumbnailUrl":"https:\/\/thecodest.co\/app\/uploads\/2024\/05\/rails-api-and-cors.png","articleSection":["Software Development"],"inLanguage":"sv-SE","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/thecodest.co\/blog\/rails-api-cors-dash-of-consciousness\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/thecodest.co\/blog\/rails-api-cors-dash-of-consciousness\/","url":"https:\/\/thecodest.co\/blog\/rails-api-cors-dash-of-consciousness\/","name":"Rails API &amp; CORS. Ett st\u00e4nk av medvetenhet - The Codest","isPartOf":{"@id":"https:\/\/thecodest.co\/#website"},"primaryImageOfPage":{"@id":"https:\/\/thecodest.co\/blog\/rails-api-cors-dash-of-consciousness\/#primaryimage"},"image":{"@id":"https:\/\/thecodest.co\/blog\/rails-api-cors-dash-of-consciousness\/#primaryimage"},"thumbnailUrl":"https:\/\/thecodest.co\/app\/uploads\/2024\/05\/rails-api-and-cors.png","datePublished":"2021-04-24T08:52:00+00:00","dateModified":"2026-04-24T11:43:55+00:00","breadcrumb":{"@id":"https:\/\/thecodest.co\/blog\/rails-api-cors-dash-of-consciousness\/#breadcrumb"},"inLanguage":"sv-SE","potentialAction":[{"@type":"ReadAction","target":["https:\/\/thecodest.co\/blog\/rails-api-cors-dash-of-consciousness\/"]}]},{"@type":"ImageObject","inLanguage":"sv-SE","@id":"https:\/\/thecodest.co\/blog\/rails-api-cors-dash-of-consciousness\/#primaryimage","url":"https:\/\/thecodest.co\/app\/uploads\/2024\/05\/rails-api-and-cors.png","contentUrl":"https:\/\/thecodest.co\/app\/uploads\/2024\/05\/rails-api-and-cors.png","width":1280,"height":720},{"@type":"BreadcrumbList","
@id":"https:\/\/thecodest.co\/blog\/rails-api-cors-dash-of-consciousness\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/thecodest.co\/"},{"@type":"ListItem","position":2,"name":"Rails API &#038; CORS. A dash of consciousness"}]},{"@type":"WebSite","@id":"https:\/\/thecodest.co\/#website","url":"https:\/\/thecodest.co\/","name":"Codest","description":"","publisher":{"@id":"https:\/\/thecodest.co\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/thecodest.co\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"sv-SE"},{"@type":"Organization","@id":"https:\/\/thecodest.co\/#organization","name":"Codest","url":"https:\/\/thecodest.co\/","logo":{"@type":"ImageObject","inLanguage":"sv-SE","@id":"https:\/\/thecodest.co\/#\/schema\/logo\/image\/","url":"https:\/\/thecodest.co\/app\/uploads\/2024\/03\/thecodest-logo.svg","contentUrl":"https:\/\/thecodest.co\/app\/uploads\/2024\/03\/thecodest-logo.svg","width":144,"height":36,"caption":"The 
Codest"},"image":{"@id":"https:\/\/thecodest.co\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/pl.linkedin.com\/company\/codest","https:\/\/clutch.co\/profile\/codest"]},{"@type":"Person","@id":"https:\/\/thecodest.co\/#\/schema\/person\/7e3fe41dfa4f4e41a7baad4c6e0d4f76","name":"thecodest","image":{"@type":"ImageObject","inLanguage":"sv-SE","@id":"https:\/\/secure.gravatar.com\/avatar\/5dbfe6a1e8c86e432e8812759e34e6fe82ebac75119ae3237a6c1311fa19caf4?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/5dbfe6a1e8c86e432e8812759e34e6fe82ebac75119ae3237a6c1311fa19caf4?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5dbfe6a1e8c86e432e8812759e34e6fe82ebac75119ae3237a6c1311fa19caf4?s=96&d=mm&r=g","caption":"thecodest"},"url":"https:\/\/thecodest.co\/sv\/author\/thecodest\/"}]}},"_links":{"self":[{"href":"https:\/\/thecodest.co\/sv\/wp-json\/wp\/v2\/posts\/3532","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thecodest.co\/sv\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thecodest.co\/sv\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thecodest.co\/sv\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/thecodest.co\/sv\/wp-json\/wp\/v2\/comments?post=3532"}],"version-history":[{"count":5,"href":"https:\/\/thecodest.co\/sv\/wp-json\/wp\/v2\/posts\/3532\/revisions"}],"predecessor-version":[{"id":8392,"href":"https:\/\/thecodest.co\/sv\/wp-json\/wp\/v2\/posts\/3532\/revisions\/8392"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thecodest.co\/sv\/wp-json\/wp\/v2\/media\/3533"}],"wp:attachment":[{"href":"https:\/\/thecodest.co\/sv\/wp-json\/wp\/v2\/media?parent=3532"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thecodest.co\/sv\/wp-json\/wp\/v2\/categories?post=3532"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thecodest.co\/sv\/wp-json\/wp\/v2\/tags?post=3532"}],"curies":[{"name":"wp","href":"https:\/\/api.w.
org\/{rel}","templated":true}]}}