Menu
I wanted to implement CORS in my rails application, so I googled rack-cors gem for it. And I did everything as was said in README, that is updated Gemfile accordingly and updated application.rb like this:
module YourApp
class Application < Rails::Application
# ...
config.middleware.use Rack::Cors do
allow do
origins '*'
resource '*', :headers => :any, :methods => [:get, :post, :options]
end
end
end
end
But it didn't work. No matter what I did, in the browser console I kept getting message:XMLHttpRequest cannot load https://somewebsite.com. Origin http://0.0.0.0:3000 is not allowed by Access-Control-Allow-Origin.
After reading this blogpost and issue on github, I realized that maybe position of rack-cors middleware in the middleware stack matters. So I did as was told in the github issue:
module YourApp
class Application < Rails::Application
# ...
config.middleware.insert 0, Rack::Cors do
allow do
origins '*'
resource '*', :headers => :any, :methods => [:get, :post, :options]
end
end
end
end
After that, when I run rake middleware rack-cors is really at the top of the stack.
But It still just simply won't work. I keep getting the same error. Anyone, please help.
279
Using rack-cors You need to inform Rails which origin it should allow. To do that, you need to create a new initializer for your application. This configuration will only allow HTTP POST calls to /order endpoint and all HTTP methods to any other endpoint. You need to pay close attention to the origins parameter.
Rack CORS Middleware. Rack::Cors provides support for Cross-Origin Resource Sharing (CORS) for Rack compatible web applications. The CORS spec allows web applications to make cross domain AJAX calls without using workarounds such as JSONP.
I ran into the same problem with heroku. I found this blog with the same rack-cors issue.
Just moved the use Rack::Cors to config.ru, redeployed to heroku and it works.
require ::File.expand_path('../config/environment', __FILE__) run Rails.application require 'rack/cors' use Rack::Cors do # allow all origins in development allow do origins '*' resource '*', :headers => :any, :methods => [:get, :post, :delete, :put, :options] end end There is a new issue thread for the heroku solution
Instead of using
config.middleware.use Rack::Cors do
try
config.middleware.insert_before ActionDispatch::Static, Rack::Cors do
That worked for me.
25
Here's how I fixed mine:
You just need to un-comment the Rack CORS gem in your Gemfile (if it's there) or just add it:
gem 'rack-cors'
And then run the code below to install the gem:
bundle install
Create a config/initializers/cors.rb file and put the code below into it:
Rails.application.config.middleware.insert_before 0, Rack::Cors do
allow do
origins '*'
resource '*', headers: :any, methods: [:get, :post, :patch, :put]
end
end
OR
Put the code below in config/application.rb of your Rails application. For example, this will allow GET, POST or OPTIONS requests from any origin on any resource:
module YourApp
class Application < Rails::Application
# ...
# For Rails 5 Appications
config.middleware.insert_before 0, Rack::Cors do
allow do
origins '*'
resource '*', headers: :any, methods: [:get, :post, :options]
end
end
# For Rails 3/4 Applications
config.middleware.insert_before 0, "Rack::Cors" do
allow do
origins '*'
resource '*', headers: :any, methods: [:get, :post, :options]
end
end
end
end
Setting origins to '*' should be alright for development, but keep in mind that if you deploy to production you’ll want to change this value to match your front-end’s URI for security reasons.
Note: If you're running Rails, updating in config/application.rb or 'config/initializers/cors.rb` should be enough. There is no need to update config.ru as well.
Reference: rack-cors
That's all
I hope this helps.
22
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
