Ember App Requests to Rails App -- Cross Domain?

Question

I have two separate apps, an ember app and a rails app on the same server. Right now, I'm testing locally.

My Ember requests are not going out to the rails (localhost:3000). I cannot seem to figure out if that's happening because it thinks that it is a cross-domain request. Will it be considered a cross-domain request, even though they're on the same server? If so, is there anyway to avoid this cross-domain request since they are on the same server without compromising security? Or do I need to stick to JSONP?

Answer 1

Yes, a request to a different port is a cross-domain request. The browser is making a preflight OPTIONS request (CORS) and not getting an answer. It is then dropping the original request. You need to have the server respond with the proper CORS headers to this OPTIONS request. The browser will then make the orignal request.

Here is more information on CORS.

Here is the code from my application controller:

class V1::ApplicationController < ApplicationController
after_filter :cors_set_access_control_headers, :log_user

# respond to options requests with blank text/plain as per spec
def cors_preflight_check
  logger.info ">>> responding to CORS request"
  render :text => '', :content_type => 'text/plain'
end

# For all responses in this controller, return the CORS access control headers. 
def cors_set_access_control_headers
  headers['Access-Control-Allow-Origin'] = '*'
  headers['Access-Control-Allow-Headers'] = 'X-AUTH-TOKEN, X-API-VERSION, X-Requested-With, Content-Type, Accept, Origin'
  headers['Access-Control-Allow-Methods'] = 'POST, GET, PUT, DELETE, OPTIONS'
  headers['Access-Control-Max-Age'] = "1728000"
end

And from routes.rb:

match '/*path' => 'application#cors_preflight_check', :via => :options

There is also a rack plugin that can handle this: rack-cors