enable cors

Gemfile

@@ -36,6 +36,7 @@ gem "omniauth", "~> 1.9.1"
 gem "omniauth-google-oauth2", "~> 0.8.2"
 
 gem "graphql", "~> 2.0"
+gem "rack-cors", "~> 1.1"
 
 group :development, :test do
   gem "dotenv-rails", "~> 2.7"

Gemfile.lock

@@ -124,9 +124,6 @@ GEM
     formtastic_i18n (0.7.0)
     globalid (1.0.0)
       activesupport (>= 5.0)
-    graphiql-rails (1.8.0)
-      railties
-      sprockets-rails
     graphql (2.0.12)
     graphql_playground-rails (2.1.0)
       rails (>= 5.1.0)
@@ -225,6 +222,8 @@ GEM
       activesupport (>= 3.0.0)
     racc (1.6.0)
     rack (2.2.4)
+    rack-cors (1.1.1)
+      rack (>= 2.0.0)
     rack-test (2.0.2)
       rack (>= 1.3)
     rails (7.0.3.1)
@@ -346,7 +345,6 @@ DEPENDENCIES
   enumerize (~> 2.5)
   factory_bot_rails (~> 6.2)
   faker (~> 2.21)
-  graphiql-rails
   graphql (~> 2.0)
   graphql_playground-rails
   image_processing (~> 1.2)
@@ -357,6 +355,7 @@ DEPENDENCIES
   pg (~> 1.1)
   puma (~> 5.0)
   pundit (~> 2.2)
+  rack-cors (~> 1.1)
   rails (~> 7.0.3, >= 7.0.3.1)
   rails-erd (~> 1.7)
   redis (~> 4.0)

config/initializers/cors.rb

@@ -0,0 +1,17 @@
+# Be sure to restart your server when you modify this file.
+
+# Avoid CORS issues when API is called from the frontend app.
+# Handle Cross-Origin Resource Sharing (CORS) in order to accept cross-origin AJAX requests.
+
+# Read more: https://github.com/cyu/rack-cors
+
+Rails.application.config.middleware.insert_before(0, Rack::Cors) do
+  allow do
+    origins "*"
+    resource "*",
+      headers: :any,
+      methods: [:get, :post, :delete, :put, :patch, :options, :head],
+      max_age: 0,
+      expose: ["Authorization"]
+  end
+end