CORS issue: Getting error “No 'Access-Control-Allow-Origin' header is present” when it actually is

Question

I doubt the backend serving my app is important, but if you care, I\'m using rack-cors with a Rails 4.0 app.

Using jQuery, I send my app a PATCH request lik

Answer 1

Exclude Rails CSRF checking in the action ;)

That is, Rails checks for an authenticity token with update/create requests. Within your Rails app, this token is added to all of your forms. But with javascript requests, including it is tricky.

You can skip checking it for an action by adding this to your controller:

skip_before_filter :verify_authenticity_token, :only => [:update]

BTW, your problem had nothing to do with CORS, you were getting a bad error message in the browser. The Rails log tells the real story.