I have a simple controller method that logs headers via ActionController's #headers method:
class ThingsController < ActionController::Base
def show
Rails.logger.info headers
render json: {response: 'success'}
end
end
However, when I call this controller method via curl with headers, they are not logged:
curl "http://localhost:3000/things/1” \
-H "access-token XXX" \
-H "token-type Bearer" \
-H "client YYY" \
-H "expiry 1234" \
-H "uid test@test" \
Instead, the following headers are logged:
{"X-Frame-Options"=>"SAMEORIGIN", "X-XSS-Protection"=>"1; mode=block", "X-Content-Type-Options"=>"nosniff"}
I thought my Rails 5 app's CORS policy might be to blame, so I installed the rack-cors gem and configured it in the initializer below. Unfortunately, it did not change the result.
Rails.application.config.middleware.insert_before 0, Rack::Cors do
allow do
origins '*'
resource '*',
headers: :any,
methods: %i(get post put patch delete options head)
end
end