rack-cors | 易学教程

Add custom response header with Rack-cors and Grape

阅读更多关于 Add custom response header with Rack-cors and Grape

问题 I'm developing a Ionic(Cordova) app with a Ruby on Rails API. I want to use response headers to return a token after login. I'm using rack-cors gem to make Cross Origin Request work: application.rb config.middleware.insert_after Rails::Rack::Logger, Rack::Cors, :logger => Rails.logger do allow do origins '*' resource '/api/*', :headers => :any, :methods => [:get, :post, :options, :put] end end and grape gem to manage my API routes. But i can't find a way to add a header to my response since i

ruby on rails - rack-cors multiple origins with different resources

阅读更多关于 ruby on rails - rack-cors multiple origins with different resources

问题 I'm implementing CORS in my rails application using rack-cors gem for it, but I'm not sure how can i define different resources for different origins. I need something like that: config.middleware.insert_before 0, Rack::Cors do allow do origins 'http://localhost:3000' resource '/api/*', headers: :any, methods: [:get, :post, :options, :put, :delete] end allow do origins 'http://localhost:6000' resource '*', headers: :any, methods: [:get, :post, :options, :put, :delete] end end So it will allow

How to enable CORS for only selected route rails

阅读更多关于 How to enable CORS for only selected route rails

问题 I am on Rails5 and I want to allow CORS on one of my route. Here is how I can allow CORS for all my route, but is there a way to only whitelist for one endpoint? config.middleware.insert_before 0, Rack::Cors do allow do origins '*' resource '*', :headers => :any, :methods => [:get, :post, :options] end end 回答1: To allow cross-origin requests for only a particular endpoint path, use it as the first resource arg: config.middleware.insert_before 0, Rack::Cors do allow do origins '*' resource '

Rails cross domain ajax get request (CORS)

阅读更多关于 Rails cross domain ajax get request (CORS)

问题 I'm trying to implement google places api in my rails app. This is the error I'm getting when trying to use the function that is fetching the data from the ajax request: XMLHttpRequest cannot load . Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access. I'm using rack-cors gem and I've added this snippet into my config/application.rb file:

Rails 5.1 CORS - how to set different origins for different environments

阅读更多关于 Rails 5.1 CORS - how to set different origins for different environments

问题 I am using the rack-cors gem with a Rail 5.1 API. I have the following initializer as per the documentation: config/initializers/cors.rb module Api Rails.application.config.middleware.insert_before 0, Rack::Cors do allow do origins ['http://localhost:4200','https://app.mydomain.com/'] resource '*', headers: :any, :expose => ['access-token', 'expiry', 'token-type', 'uid', 'client'], methods: [:get, :post, :put, :patch, :delete, :options, :head] end end end However, this means that when

Rails 5.1 CORS - how to set different origins for different environments

阅读更多关于 Rails 5.1 CORS - how to set different origins for different environments

I am using the rack-cors gem with a Rail 5.1 API. I have the following initializer as per the documentation: config/initializers/cors.rb module Api Rails.application.config.middleware.insert_before 0, Rack::Cors do allow do origins ['http://localhost:4200','https://app.mydomain.com/'] resource '*', headers: :any, :expose => ['access-token', 'expiry', 'token-type', 'uid', 'client'], methods: [:get, :post, :put, :patch, :delete, :options, :head] end end end However, this means that when deployed to production my api will accept requests from any localhost:4200 origin. How can I separate these

Why isn't my CORS configuration causing incoming requests to be filtered? How can I make it only accept requests from a specific origin?

阅读更多关于 Why isn't my CORS configuration causing incoming requests to be filtered? How can I make it only accept requests from a specific origin?

I'd like my Rails 5 API-only app, for now running on http://localhost:3000 , to only accept requests from my NodeJS front-end app, for now running on http://localhost:8888 . So I configured /config/initializers/cors.rb like this: Rails.application.config.middleware.insert_before 0, Rack::Cors do allow do origins "http://localhost:8888" resource "*", headers: :any, methods: [:get, :post, :put, :patch, :delete, :options, :head] end end And I wrote this test: #/spec/request/cors_request_spec.rb RSpec.feature "CORS protection", type: :request do it "should accept a request from a whitelisted

Why isn't my CORS configuration causing incoming requests to be filtered? How can I make it only accept requests from a specific origin?

阅读更多关于 Why isn't my CORS configuration causing incoming requests to be filtered? How can I make it only accept requests from a specific origin?

问题 I\'d like my Rails 5 API-only app, for now running on http://localhost:3000 , to only accept requests from my NodeJS front-end app, for now running on http://localhost:8888 . So I configured /config/initializers/cors.rb like this: Rails.application.config.middleware.insert_before 0, Rack::Cors do allow do origins \"http://localhost:8888\" resource \"*\", headers: :any, methods: [:get, :post, :put, :patch, :delete, :options, :head] end end And I wrote this test: #/spec/request/cors_request