How to Configure the Network Settings for a Rails API App
This guide explains how to configure the rack-cors gem so that outside applications can communicate with a Rails API app.

As I was saving the last video I remembered that I forgot one item. It's actually a very important item, because our API will not let any other services communicate with it unless we say that they are allowed to. That's something Rails has built into its security system by default. But with a Rails API, obviously, you do want other services contacting you.

The way you fix this is by going into your Gemfile. Rails already gives you a set of default gems: the gems that come installed with Rails, plus some commented-out ones that can give you additional or optional features. We want to go down to line 21, assuming you're using the same version of Rails and the line is still there in your version. If not, you can just type it in from scratch. We need to use the rack-cors gem.


If you read the description, it says to use Rack CORS for handling cross-origin resource sharing. What this allows you to do is set up rules and guidelines for your API. You wouldn't want just anyone to be able to communicate with your API; you want only authorized parties to be able to, and that's what CORS lets you do. So I'm going to save here, come back to the terminal, and run

bundle install

This brings in the rack-cors gem, and now all we have to do is add the configuration. Switching back to Sublime Text, go into config/initializers/cors.rb, where a cors.rb file is already built in. For right now, all we have to do in this file is uncomment this code.

Rails.application.config.middleware.insert_before 0, Rack::Cors do
  allow do
    origins '*'

    resource '*',
      headers: :any,
      methods: [:get, :post, :put, :delete, :options, :head]
  end
end

Now, in a real-life scenario, when I decide to take this application and deploy it to the web, or right before then, I can establish all of the values. I can add my whitelist and say these are the URLs that can communicate directly with this application. For right now I want any application to be able to do it. Now you at home, you won't be able to do it because I am on my local machine. You would never use origins '*' in a real-life scenario on the server, because that means essentially anyone is allowed in. That would be a very bad security risk, and if you did do this you'd have to add some other security features that you build yourself, such as putting some kind of security token inside the requests that you make between applications. That's a standard way of doing it if you're going to allow all origins here. But for our sake we do want that, because we just want to allow easy communication between the APIs right now, and we're not going to worry about security at the moment.

So this is the only change you have to make: uncomment the code and then change origins from example.com to *. This should be all that we need. I am going to run this just to make sure that everything is working.

rails s -p 3001

So we run this on port 3001. I'll pull up a browser, and if I go to localhost:3001/freelance_documents, you can see that all of this is still working.

We have all of our data, and because we added the rack-cors gem and configured it, we're going to allow the other applications, and in particular the freelance camp application, to communicate with it and pull these in.
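
For the deployed case described earlier, where origins '*' is replaced by a whitelist of URLs, here is an added example (not part of the original guide or the rack-cors project) of a config/initializers/cors.rb that reads the allowed origins from an environment variable and rejects wildcards, non-HTTPS entries and malformed values before handing them to rack-cors. The CORS_ALLOWED_ORIGINS variable name, the parse_allowed_origins helper and the choice to permit plain-HTTP localhost outside production are assumptions made for illustration.

```ruby
# config/initializers/cors.rb (added example, not the guide's own code)
require 'uri'

# Hypothetical helper: turn a comma-separated list, e.g. from a
# CORS_ALLOWED_ORIGINS environment variable, into exact origins.
# Raises ArgumentError on anything broader than one scheme://host[:port].
def parse_allowed_origins(raw, allow_http_localhost: false)
  raw.to_s.split(',').map(&:strip).reject(&:empty?).map do |entry|
    raise ArgumentError, "wildcard origin not allowed: #{entry}" if entry.include?('*')

    uri = begin
      URI.parse(entry)
    rescue URI::InvalidURIError
      raise ArgumentError, "not a valid origin: #{entry}"
    end
    unless uri.is_a?(URI::HTTP) && uri.host
      raise ArgumentError, "origin must be an http(s) URL: #{entry}"
    end
    # An origin is scheme + host + port only; a path or query is a mistake.
    unless ['', '/'].include?(uri.path.to_s) && uri.query.nil? && uri.fragment.nil?
      raise ArgumentError, "origin must not include a path: #{entry}"
    end
    local = %w[localhost 127.0.0.1].include?(uri.host)
    unless uri.scheme == 'https' || (allow_http_localhost && local)
      raise ArgumentError, "origin must use https: #{entry}"
    end

    origin = "#{uri.scheme}://#{uri.host.downcase}"
    origin += ":#{uri.port}" unless uri.port == uri.default_port
    origin
  end.uniq
end

# This part only runs inside the Rails app with the rack-cors gem loaded.
if defined?(Rails) && defined?(Rack::Cors)
  allowed = parse_allowed_origins(ENV['CORS_ALLOWED_ORIGINS'],
                                  allow_http_localhost: !Rails.env.production?)
  Rails.application.config.middleware.insert_before 0, Rack::Cors do
    allow do
      origins(*allowed)
      resource '*',
        headers: :any,
        methods: [:get, :post, :put, :delete, :options, :head]
    end
  end
end
```

Because the helper raises at boot, a typo or an accidental '*' in the environment variable stops the deploy instead of silently opening the API to every origin.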
