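# config/initializers/cors.rb
#
# Chooses the CORS policy from ENV["CUSTOM_RAILS_ENV"], a custom switch used to run
# environment-specific setup (staging, landing_page, production, local).
# ENV["URL_DOMAIN"] is the site's own address: www.example.com in production, and
# something like https://example.herokuapp.com/... on staging.
#
# Security notes:
# * CORS only tells browsers which origins may read a response. It does not
#   authenticate callers, and non-browser clients ignore it, so the API still needs
#   its own authentication and authorization.
# * The Host header (env["HTTP_HOST"]) names the server a request is addressed to;
#   the Origin header names the page that issued it. A Host check combined with
#   `origins "*"` therefore lets any website read the GET responses, so the deployed
#   environments list the site's own origin explicitly instead.

# fetch with a default so an unset variable reaches the `else` branch below instead
# of raising NoMethodError on nil.
cors_env = ENV.fetch("CUSTOM_RAILS_ENV", "").to_sym

# Reduce URL_DOMAIN to a bare host[:port]; Origin and Host headers never carry a path.
# NOTE(review): assumes the staging value is scheme + host (+ optional path) - confirm.
site_host = ENV.fetch("URL_DOMAIN", "").sub(%r{\A[a-z][a-z0-9+.-]*://}i, "").split("/").first.to_s

case cors_env
# `when :a || :b || :c` evaluates to `when :a` only; a comma-separated list matches
# every listed environment.
when :staging, :landing_page, :production
  puts ""
  print(":staging || :landing_page || :production CORS")
  puts ""
  if site_host.empty?
    # No configured origin: install no CORS rule, so browsers keep blocking
    # cross-origin reads. Same-origin requests are unaffected.
    print("URL_DOMAIN is not set, cross-origin requests are not allowed")
    puts ""
  else
    Rails.application.config.middleware.insert_before 0, Rack::Cors do
      allow do
        # Only the site's own origin may read responses cross-origin.
        # NOTE(review): a scheme-less origin string is expected to match http and
        # https alike in rack-cors; use "https://#{site_host}" to pin the scheme.
        origins site_host
        # The Host condition applies this rule only to requests addressed to the
        # configured domain; it does not restrict who is calling.
        resource "*", headers: :any, methods: :get,
                      if: proc { |env| env["HTTP_HOST"] == site_host }
      end
    end
  end
when :local
  puts ""
  print("Local CORS")
  puts ""
  Rails.application.config.middleware.insert_before 0, Rack::Cors do
    allow do
      # origins '3f3439f8d20e.ngrok.io'
      # Development only: every HTTP method is open to the local front end.
      origins "localhost:3000"
      resource "*", headers: :any, methods: %I[get post put patch delete options head]
    end
  end
else
  # Unknown or unset environment: no CORS middleware is installed.
  print("There is an error inside cors setup")
end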