Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Origin http://localhost is not allowed by Access-Control-Allow-Origin Rails 3

Tags:

ruby-on-rails

cross-domain

Follow by this question How to set access-control-allow-origin in webrick under rails?, I can GET and POST from the localhost to the localhost:3000.

However, the error occurred with DELETE and PUT

This is how i allow to cross domain access

class ApplicationController < ActionController::Base
    protect_from_forgery
    before_filter :allow_cross_domain_access
    def allow_cross_domain_access
        response.headers["Access-Control-Allow-Origin"] = "*"
        response.headers["Access-Control-Allow-Methods"] = "*"
    end
end

Any idea how to fix it?

like image 754
Hoan Dang Avatar asked Jan 14 '13 04:01

Hoan Dang

2 Answers

* is not a valid value for the Access-Control-Allow-Methods response header. You need to list the actual methods:

response.headers["Access-Control-Allow-Methods"] = "GET, PUT, POST, DELETE"

Also if your request has any custom request headers, you will need to list those as well:

response.headers["Access-Control-Allow-Headers"] = "Content-Type, X-Requested-With"

Lastly note that your controller should allow OPTIONS http requests. This is to allow CORS preflight requests, which are required when making PUT or DELETE requests.

like image 72
monsur Avatar answered Jan 04 '23 05:01

monsur

This solution (http://www.tsheffler.com/blog/?p=428) works for me:

before_filter :cors_preflight_check
after_filter :cors_set_access_control_headers

# For all responses in this controller, return the CORS access control headers.

def cors_set_access_control_headers
  headers['Access-Control-Allow-Origin'] = '*'
  headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'
  headers['Access-Control-Max-Age'] = "1728000"
end

# If this is a preflight OPTIONS request, then short-circuit the
# request, return only the necessary headers and return an empty
# text/plain.

def cors_preflight_check
  if request.method == :options
    headers['Access-Control-Allow-Origin'] = '*'
    headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'
    headers['Access-Control-Allow-Headers'] = 'X-Requested-With, X-Prototype-Version'
    headers['Access-Control-Max-Age'] = '1728000'
    render :text => '', :content_type => 'text/plain'
  end
end

Also, probably you want to enable CORS in selected methods:

before_filter :cors_preflight_check, :only => [ :my_method]
after_filter :cors_set_access_control_headers, :only => [ :my_method]

I hope it helps

like image 28
Aldo Avatar answered Jan 04 '23 06:01

Aldo
Sign in to Comment

Related questions

how can I convert ruby data structures to javascript data structures with .js.erb?
Simple way to always make a field lowercase in db
XPath or CSS parsing faster (for Nokogiri on HTML files)?
Rails 3: belongs_to, has_one and Migrations
Cannot read file with send_file function in Rails 3
How often do initializers run in Rails?
switching from MySQL to PostgreSQL for Ruby on Rails for the sake of Heroku
Query with a model method?
Dynamically create after_add and after_remove callbacks for has_many or habtm?
Rails 3 dropdown select boxes?
Rails - how to get find domain url in a layout
curb gem is not installing in linux redhat
Can't gem install json -v '1.7.3'
uninitialized constant RAILS_DEFAULT_LOGGER
Ruby on Rails - Caching Variables
Direct Uploads to S3 using Carrierwave
Ruby undefined method `strftime' for nil:NilClass
Nested array in URL params
How to display an array in a rails view?
Grouping by Days Created_At

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!