CORS issue + Rails + Billing Confirmation URL

Shopify Apps

Topic summary

A developer is encountering a CORS (Cross-Origin Resource Sharing) error when redirecting store admins to Shopify’s billing confirmation URL after implementing the Recurring Application Charge API.

Technical Details:

  • Using Rails 7 with the rack-cors gem
  • CORS initializer configured with:
    • Origins: ‘*’
    • Resources: ‘*’
    • Methods: [:get, :post, :patch, :put, :options]
    • Headers: any
  • Error occurs during redirect from localhost:3000 to the Shopify admin charges confirmation URL

Error Message:
Browser blocks the request due to missing ‘Access-Control-Allow-Origin’ header on the requested resource.

Status:
The issue remains unresolved with the developer seeking guidance on how to fix this CORS configuration problem in their Rails application.

Summarized with AI on November 23. AI used: claude-sonnet-4-5-20250929.
1

I have implemented https://shopify.dev/api/admin-rest/2022-10/resources/recurringapplicationcharge#post-recurring-application-charges and while redirecting the store admin to confirmation url in the billing response, I am facing CORS issue.

Access to fetch at ‘https://abc.myshopify.com/admin/charges/11/22/RecurringApplicationCharge/confirm_recurring_application_charge?signature=123asd’ (redirected from ‘http://localhost:3000/?embedded=1&hmac=aa&locale=en&plan_id=1&session=aa&shop=abc.myshopify.com×tamp=1673080518’) from origin ‘http://localhost:3000’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. If an opaque response serves your needs, set the request’s mode to ‘no-cors’ to fetch the resource with CORS disabled.> > I am using rails 7, added rack-cors gem and the cors.rb initializer has> Rails.application.config.middleware.insert_before 0, Rack::Cors do> allow do> origins ‘'> resource '’, headers: :any, methods: [:get, :post, :patch, :put, :options]> end> end

How to fix this issue?