Angular post request does not pass the check before the flag, although the rails server is configured to accept all requests

I am using angularJS application to request APIs. I am sending my http request from my angular controller, but it seems like the preflight check request does not pass the access control check:

controller('RegistrationsCtrl',['$scope', '$http', '$ionicLoading',function($scope, $http, $ionicLoading) { $scope.launchReq = function(){ $http.post('http://localhost:3333/users', {email: " bougnoul@gmail.com ", password: "12345678"}).success(function(data){ console.log(data); }).error(function(err){ // $ionicLoading.hide(); if (err.error == "Uncomfirmed account"){ $scope.err = "Ce compte n'a pas été confirmé.<a href="+"'"+"/#/phoneConfirmation/"+err.user_id+"'"+">Obtenir votre code de confirmation ?</a>" } else { $scope.err = "Identifiant ou mot de passe incorrect."; } }); } }]) 

I tried to configure my rails server by configuring the application.rb file as suggested here :

 require File.expand_path('../boot', __FILE__) require "rails" # Pick the frameworks you want: require "active_model/railtie" require "active_job/railtie" require "active_record/railtie" require "action_controller/railtie" require "action_mailer/railtie" require "action_view/railtie" require "sprockets/railtie" # require "rails/test_unit/railtie" # Require the gems listed in Gemfile, including any gems # you've limited to :test, :development, or :production. Bundler.require(*Rails.groups) module QuickBedApi class Application < Rails::Application # Settings in config/environments/* take precedence over those specified here. # Application configuration should go into files in config/initializers # -- all .rb files in that directory are automatically loaded. # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone. # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC. # config.time_zone = 'Central Time (US & Canada)' # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded. # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s] # config.i18n.default_locale = :de # Do not swallow errors in after_commit/after_rollback callbacks. config.active_record.raise_in_transactional_callbacks = true config.action_dispatch.default_headers = { 'Access-Control-Allow-Origin' => 'http://localhost:8100', 'Access-Control-Request-Method' => %w{GET POST OPTIONS}.join(",") } end end 

But I still get the following error on the client side:

On the server side, it seems that the rails APIs do not understand that OPTIONS is a preflight call since I am getting a routing error:

 Started OPTIONS "/users" for ::1 at 2016-02-16 00:30:09 +0100 ActiveRecord::SchemaMigration Load (0.6ms) SELECT "schema_migrations".* FROM "schema_migrations" ActionController::RoutingError (No route matches [OPTIONS] "/users"): actionpack (4.2.5) lib/action_dispatch/middleware/debug_exceptions.rb:21:in `call' actionpack (4.2.5) lib/action_dispatch/middleware/show_exceptions.rb:30:in `call' railties (4.2.5) lib/rails/rack/logger.rb:38:in `call_app' railties (4.2.5) lib/rails/rack/logger.rb:20:in `block in call' activesupport (4.2.5) lib/active_support/tagged_logging.rb:68:in `block in tagged' activesupport (4.2.5) lib/active_support/tagged_logging.rb:26:in `tagged' activesupport (4.2.5) lib/active_support/tagged_logging.rb:68:in `tagged' railties (4.2.5) lib/rails/rack/logger.rb:20:in `call' quiet_assets (1.1.0) lib/quiet_assets.rb:27:in `call_with_quiet_assets' actionpack (4.2.5) lib/action_dispatch/middleware/request_id.rb:21:in `call' rack (1.6.4) lib/rack/methodoverride.rb:22:in `call' rack (1.6.4) lib/rack/runtime.rb:18:in `call' activesupport (4.2.5) lib/active_support/cache/strategy/local_cache_middleware.rb:28:in `call' rack (1.6.4) lib/rack/lock.rb:17:in `call' actionpack (4.2.5) lib/action_dispatch/middleware/static.rb:116:in `call' rack (1.6.4) lib/rack/sendfile.rb:113:in `call' railties (4.2.5) lib/rails/engine.rb:518:in `call' railties (4.2.5) lib/rails/application.rb:165:in `call' rack (1.6.4) lib/rack/content_length.rb:15:in `call' puma (2.15.3) lib/puma/server.rb:541:in `handle_request' puma (2.15.3) lib/puma/server.rb:388:in `process_client' puma (2.15.3) lib/puma/server.rb:270:in `block in run' puma (2.15.3) lib/puma/thread_pool.rb:106:in `call' puma (2.15.3) lib/puma/thread_pool.rb:106:in `block in spawn_thread' 

What else do I need to configure on the client side (angular) or server (rails) so that cross-search queries work correctly?

EDIT

I also tried updating my application_controller as follows:

 class ApplicationController < ActionController::Base # Prevent CSRF attacks by raising an exception. # For APIs, you may want to use :null_session instead. protect_from_forgery with: :exception skip_before_filter :verify_authenticity_token before_filter :cors_preflight_check after_filter :cors_set_access_control_headers def cors_set_access_control_headers headers['Access-Control-Allow-Origin'] = '*' headers['Access-Control-Allow-Methods'] = 'POST, GET, PUT, DELETE, OPTIONS' headers['Access-Control-Allow-Headers'] = 'Origin, Content-Type, Accept, Authorization, Token' headers['Access-Control-Max-Age'] = "1728000" end def cors_preflight_check binding.pry if request.method == 'OPTIONS' headers['Access-Control-Allow-Origin'] = '*' headers['Access-Control-Allow-Methods'] = 'POST, GET, PUT, DELETE, OPTIONS' headers['Access-Control-Allow-Headers'] = 'X-Requested-With, X-Prototype-Version, Token' headers['Access-Control-Max-Age'] = '1728000' render :text => '', :content_type => 'text/plain' end end end 

It seems that the code is not even included in the application controller, and I still get the error ...