👀 Views: 0 💬 Answers: 1 📅 Created: 2025-06-12

ruby-on-rails activestorage cors nginx production Ruby

I need some guidance on I've been banging my head against this for hours. I'm working with Rails 7.1 and trying to implement direct uploads using ActiveStorage for user avatars. In my development environment, everything works perfectly, but once I deploy to production, I run into a CORS scenario. When users attempt to upload files, I see the following behavior in the browser console: ``` Access to fetch at 'https://myapp.com/rails/active_storage/direct_uploads' from origin 'https://myapp-frontend.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. ``` I've confirmed that my CORS settings in the `config/initializers/cors.rb` file are correct: ```ruby Rails.application.config.middleware.insert_before 0, Rack::Cors do allow do origins 'https://myapp-frontend.com' resource '*', headers: :any, methods: [:post, :get, :options] end end ``` However, it seems like the CORS headers are not being set on the direct upload endpoint when the request comes from the frontend. I have also checked that both the frontend and backend are served over HTTPS. I've tried restarting my server and clearing any caches, but the scenario continues. Additionally, I'm using Nginx as a reverse proxy, and I haven't configured any additional CORS settings there. Should I add specific headers in my Nginx configuration for this endpoint? Or is there something wrong with how ActiveStorage is handling CORS in production? Any insights would be greatly appreciated! Thanks in advance! This is part of a larger application I'm building.