> ## Documentation Index
> Fetch the complete documentation index at: https://forest-chore-open-api.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Configuring CORS headers

Depending on how you've setup your app, you may encounter a [CORS](https://en.wikipedia.org/wiki/Cross-origin_resource_sharing) error. It will look like this in your browser console:

<img src="https://mintcdn.com/forest-chore-open-api/DwOJ-XBdKEod-4Pc/images/legacy/javascript-agents/cors.png?fit=max&auto=format&n=DwOJ-XBdKEod-4Pc&q=85&s=f4dc83eb3ac9bc9b8e0be7b3dc07d4cc" alt="" width="1294" height="284" data-path="images/legacy/javascript-agents/cors.png" />

In this case, you need to configure the right CORS headers to **allow the domain** `app.forestadmin.com` to trigger an API call on your Application URL, which is a different domain name (e.g. localhost:3000 on development).

### Rails

We use the [Rack CORS](https://github.com/cyu/rack-cors) Gem for this purpose.

```ruby theme={null}
module YourApp
  class Application < Rails::Application
    # ...

    # For Rails 5, use the class Rack::Cors. For Rails 4, you MUST use the string 'Rack::Cors'.
    null_regex = Regexp.new(/\Anull\z/)
    config.middleware.insert_before 0, Rack::Cors do
      allow do
        hostnames = [null_regex, 'localhost:4200', 'app.forestadmin.com', 'localhost:3001']
        hostnames += ENV['CORS_ORIGINS'].split(',') if ENV['CORS_ORIGINS']
        origins hostnames
        resource '*',
          headers: :any,
          methods: :any,
          expose: ['Content-Disposition'],
          credentials: true
      end
    end
  end
end
```
