Was wondering about forgery_protection_origin_check and how it relates to setting up Rack::Cors middleware which rails ships with.
Seems like you can define origins within the Rack::Cors middleware, so I’m wondering if maybe those origins should be respected when performing forgery_protection_origin_check.
Or is the solution just to disable this additional check when using Rack::Cors?
