Test CORS headers with Rails in development
When testing CORS headers in Rails, an additional step is needed to check that the headers are working correctly. This is because Chrome does not perform CORS validation on same-origin requests, so it's very difficult to tell whether CORS is working correctly or not. Chrome does not even appear to send the 'Origin' header for same-origin requests, meaning that CORS headers never show up in the response.
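Configure the asset host so that assets are requested from a different origin than the page (a different port counts as a different origin):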
# config/environments/development.rb
Rails.application.configure do
  # ...
  config.asset_host = "http://localhost:3001"
  # ...
end
Starting the first Rails server:
bundle exec rails s
Starting the second Rails server:
bundle exec rails s -p3001 --pid=tmp/pids/server1.pid
Then visit http://localhost:3000. If you inspect the network requests, you should see some CORS warnings (unless you already have CORS configured correctly of course!).
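The same check can be made without a browser. The script below is an added example, not part of the original post: it sends a request to the second server with an explicit Origin header and applies the browser's CORS check to the response headers. The script name and the asset URL passed on the command line are assumptions; substitute a path your application actually serves.

```ruby
require "net/http"
require "uri"

# An origin is the (scheme, host, port) tuple; a different port is a different origin.
def origin_of(url)
  uri = URI.parse(url)
  [uri.scheme, uri.host, uri.port]
end

def same_origin?(url_a, url_b)
  origin_of(url_a) == origin_of(url_b)
end

# Browser-style CORS check. `headers` is a hash with lowercase header names.
def cors_allows?(headers, origin, credentials: false)
  allow = headers["access-control-allow-origin"]
  return false if allow.nil?

  if credentials
    # The "*" wildcard is not honoured for credentialed requests.
    allow == origin && headers["access-control-allow-credentials"] == "true"
  else
    allow == "*" || allow == origin
  end
end

# GET `url` with an explicit Origin header and return the response headers.
def fetch_headers(url, origin)
  uri = URI.parse(url)
  res = Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == "https") do |http|
    req = Net::HTTP::Get.new(uri)
    req["Origin"] = origin
    http.request(req)
  end
  res.to_hash.transform_values { |values| values.join(", ") }
end

# Usage (hypothetical file name): ruby cors_check.rb ASSET_URL PAGE_ORIGIN
# e.g. ASSET_URL on http://localhost:3001, PAGE_ORIGIN http://localhost:3000
if ARGV.size == 2
  asset_url, page_origin = ARGV
  if same_origin?(asset_url, page_origin)
    puts "same origin: the browser performs no CORS check here"
  else
    headers = fetch_headers(asset_url, page_origin)
    puts "Access-Control-Allow-Origin: #{headers['access-control-allow-origin'].inspect}"
    puts cors_allows?(headers, page_origin) ? "CORS check passes" : "CORS check fails"
  end
end
```
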