Today I Learned
CORS is real. The part that really tripped me up, is the preflight OPTIONS request.
You can handle this options request in Rails with a nice routing constraint.
match '*', to: 'cors#handle', via: %i(options)
Then set your
Access-Control-[Whatever] headers accordingly, and you’re in business.