Rails.application.config.middleware.insert_before 0, Rack::Cors doallow doorigins 'localhost:3000','127.0.0.1:3000',/\Ahttp:\/\/192\.168\.0\.\d{1,3}(:\d+)?\z/# regular expressions can be used hereresource '/file/list_all/',:headers=>'x-domain-token'resource '/file/at/*',methods:[:get,:post,:delete,:put,:patch,:options,:head],headers:'x-domain-token',expose:['Some-Custom-Response-Header'],max_age:600# headers to exposeendallow doorigins '*'resource '/public/*',headers::any,methods::get# Only allow a request for a specific hostresource '/api/v1/*',headers::any,methods::get,if: proc {|env| env['HTTP_HOST']=='api.example.com'}endend