You might need to add:

"""

# authorize calls from ngrok.io urls.

config.hosts << /[a-z0-9]+\.ngrok\.io/

"""

At the bottom of the file:

config/environments/development.rb

You are not supposed to need CORS because this setup should host the frontend and the backend on the same domain. However, if you want to do so, here is how I like do add CORS headers to my backend HTTP API responses:

I create an AuthController class. Then I make my API Controllers (those returning data to the frontend) inherit from the AuthController. Here is my AuthController class:

"""

# frozen_string_literal: true

class AuthController < ActionController::API

before_action :allow_cors

protected

def allow_cors

response.headers['Access-Control-Allow-Origin'] = request.headers['Origin'] || '*'

response.headers['Access-Control-Allow-Credentials'] = 'true'

response.headers['Access-Control-Allow-Headers'] = 'accept, content-type'

response.headers['Access-Control-Allow-Methods'] = 'GET,POST'

end

end

"""

Then here is one of my controller inheriting from this AuthController:

"""

class AccessButtonController < AuthController

def index

# return json here

end

end