I am using the rack-cors gem with a Rail 5.1 API.
I have the following initializer as per the documentation:
config/initializers/cors.rb
module Api
Rails.application.config.middleware.insert_before 0, Rack::Cors do
allow do
origins ['http://localhost:4200','https://app.mydomain.com/']
resource '*',
headers: :any,
:expose => ['access-token', 'expiry', 'token-type', 'uid', 'client'],
methods: [:get, :post, :put, :patch, :delete, :options, :head]
end
end
end
However, this means that when deployed to production my api will accept requests from any localhost:4200
origin.
How can I separate these settings out so that different environments can have different allowed origins?