Rails middleware to access API without Access Control Allow Origin header

Question

Our goal is to create a rails app that will periodically get data from an online cloud POS service through its API. The data to be gathered is inventory information for certain accounts, if the quantity of a certain item goes to a certain level the app will send an email to a user. Also, this app will be used in the future to send push notification to android devices. My question is, will my rails app be affected by the same origin policy?If so, is there a workaround for this. I've tried using curl before and it works, but when I use javascript the server responds with an error.

Answer 1

There's no workaround for CORS - it's a standard way of protecting your server from random access. As @apnediving mentioned, you can use the rack-cors gem to manage the CORS policy on YOUR SERVER

If you're relying on other servers for data, you'll have to update their CORS policies to allow you to connect to them. The CORS policy is just a gatekeeper for the "host" server

Essentially, all you need to do is permit a series of endpoints (urls) to allow access from third parties (typically through xhr -- which is why you're receiving an error). From what I can see, you'll need to sort out accessing the third party API from your app - that's under the remit of the POS service provider