Hi,
I’m setting up Forest with a Rails API. Since we have a mobile app using this API, we need CORS to allow any origin (using a wildcard). However, this does not work with Forest, as Forest expects a list of origins.
Is there a solution for this?
thanks,
Matthias
Hello @MatthiasRichard,
I’ve just found this thread on our forum that is mentioning CORS and wildcards so I bet it can help.
Let me know if it does!
Kind regards,
Louis
Maybe you can also check this link from our official documentation that explains how to configure CORS headers properly.
Thanks for your help! I did follow the official doc. However, defining allowed origins works for web apps, but since we also have mobile apps, the list of potential origins is not limited, which is what Forest seems to require.
Hello @MatthiasRichard,
What are you using for handling cors with your install? Are you using the Rack CORS gem as suggested in the documentation?
If I understand their documentation correctly, they have an example with a configuration that accepts all origins:
    Rails.application.config.middleware.insert_before 0, Rack::Cors do
      allow do
        origins '*'
        resource '*', headers: :any, methods: [:get, :post, :patch, :put]
      end
    end
If I adapt it for the needs of Forest Admin, it becomes
    Rails.application.config.middleware.insert_before 0, Rack::Cors do
      allow do
        origins '*'
        resource '*',
          headers: :any,
          methods: :any,
          expose: ['Content-Disposition'],
          credentials: true
      end
    end
Does it work for you?
Thanks for your help!
I am using rack cors. However, it does not accept wildcards with credentials: true (as needed by Forest).
I’d be curious to know how some of your customers using Rails and having a mobile app do it. Qonto should have had the same issue … 
If you need it to be configured for your mobile app, can you specify the origin value that is sent by your mobile app? Do you have any way of retrieving this value?
Also another way of bypassing this is to use a regex .* as the gem accepts regexes for the hosts, as stated in their docs.
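
Added example (not part of any post in this thread, and not Forest Admin's or rack-cors's own code): the two needs discussed above, any origin for API clients and credentials: true for Forest, kept in separate allow blocks, with a small check that rejects rules pairing credentials with '*' or a catch-all regex such as .*, since a regex that matches every origin lets any website send credentialed requests. The origin https://app.forestadmin.com, the CORS_RULES constant and the CorsRuleRecorder class are assumptions made for illustration.

```ruby
# Added example: rack-cors rules kept in a Proc so they can be linted and installed.
CORS_RULES = proc do
  # Credentialed requests from the Forest Admin UI: the origin is named explicitly.
  allow do
    origins 'https://app.forestadmin.com' # assumed Forest Admin UI origin
    resource '*', headers: :any, methods: :any,
                  expose: ['Content-Disposition'], credentials: true
  end
  # Any other origin: a wildcard is acceptable because no credentials are involved.
  allow do
    origins '*'
    resource '*', headers: :any, methods: %i[get post patch put]
  end
end

# Hypothetical recorder: replays the allow/origins/resource DSL calls and
# reports rules that pair credentials with an origin pattern open to any site.
class CorsRuleRecorder
  PROBE = 'https://untrusted.example' # constructed origin no rule should match

  attr_reader :findings

  def self.risky_rules(rules)
    new.tap { |rec| rec.instance_eval(&rules) }.findings
  end

  def initialize
    @findings = []
    @origins = []
  end

  def allow(&block)
    @origins = []
    instance_eval(&block)
  end

  def origins(*patterns)
    @origins = patterns.flatten
  end

  def resource(path, opts = {})
    return unless opts[:credentials]
    wide = @origins.select { |o| o == '*' || (o.is_a?(Regexp) && o.match?(PROBE)) }
    wide.each { |o| @findings << "#{o.inspect} with credentials on #{path}" }
  end
end

# Refuse to install rules the check flags; outside Rails only the check runs.
risky = CorsRuleRecorder.risky_rules(CORS_RULES)
raise "Unsafe CORS rule: #{risky.join('; ')}" unless risky.empty?
Rails.application.config.middleware.insert_before(0, Rack::Cors, &CORS_RULES) if defined?(Rails) && defined?(Rack::Cors)
```

The regex check is a heuristic: it tests each pattern against one constructed untrusted origin, so a pattern that is too broad in some other way still needs review by hand.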