Rails Cors Issue with Ajax API Endpoint Request

Rails CORS issue with Ajax API endpoint Request

Because your frontend will do requests from any origin (any client), you have to enable CORS from any origin. Try

# config/initializers/cors.rb
Rails.application.config.middleware.insert_before 0, Rack::Cors do
  allow do
    origins '*'
    resource '*',
      headers: :any,
      methods: [:get, :post, :put, :patch, :delete, :options, :head]
  end
end

I use this in a rails 5 api application. Before rails 5 add rack-cors gem to your Gemfile. Anyway, restart your server.

rails 3/4

# config/application.rb
module YourApp
  class Application < Rails::Application

    config.middleware.insert_before 0, "Rack::Cors" do
      allow do
        origins '*'
        resource '*', :headers => :any, :methods => [:get, :post, :options]
      end
    end
  end
end

Rails cross domain ajax get request (CORS)

I'm trying to implement google places api in my rails app.

You seem confused about what CORS does. If you are trying to perform an ajax call to for example https://maps.googleapis.com the only thing that matters are the CORS headers sent in the response by Google. If this does not work you may be trying to use a outdated api version endpoint.

Instead follow the steps on:
https://developers.google.com/maps/documentation/javascript/examples/place-search

If you want your application to be able to provide data to other domains then you would provide CORS headers. But this is not very likely what is causing your issue unless you are doing a Rails api app which is consumed by a separate front-end.

See Using CORS for a tutorial on how CORS works.

The CSP (content security policy) on the other hand allows you to set more permissive rules for cross domain requests. But should not be needed in this case since Google provides CORS headers for their web services.

CORS + End of file reached

I have solved this problem, it was indeed on server A and was caused by a end of file reached that was being thrown by another gem, which was due to it using an API that stopped working. Or rather, was being phased out, so that's why it sometimes worked sometimes not.

To explain why CORS happened on the client side: it was due to the fact that when application threw an error it triggered a redirect to an error page that didn't have the proper headers.

How to make ajax call to my rails api using Authorization Token

This is some working code we use:

(function(token) {
    var xmlhttp = new XMLHttpRequest();
    xmlhttp.open("POST","******",true);
    xmlhttp.setRequestHeader("Authorization", "Token " + token);
    xmlhttp.send();
})(tracker);

I figured your problem would be your beforeSend call, but it seems that's the recommended way to create an authentication token with $.ajax

Rack-CORS

You may have an issue with your CORS policy in your app

If you're not receiving the request in production, but are locally, then it's likely a CORS issue. By using the Rack-CORS gem, you'll be able to allow different request types to endpoints you specify

Here's the code we use:

config.middleware.use Rack::Cors do
  allow do
    origins '*'
    resource '/data*', :headers => :any, :methods => :post
  end
end

CORS issue: Getting error No 'Access-Control-Allow-Origin' header is present when it actually is

Exclude Rails CSRF checking in the action ;)

That is, Rails checks for an authenticity token with update/create requests. Within your Rails app, this token is added to all of your forms. But with javascript requests, including it is tricky.

You can skip checking it for an action by adding this to your controller:

skip_before_filter :verify_authenticity_token, :only => [:update]

BTW, your problem had nothing to do with CORS, you were getting a bad error message in the browser. The Rails log tells the real story.

javascript being sent everytime ajax requests rails app

The answer to this problem was to stop my application from serving application.js and host it on the client. I did this by the following:

app/views/layout/application.html.erb

I commented out the portion that serves application.js

<!--#  <%= javascript_include_tag "application" %> -->

In my client, I added

<script src="https://myapp.herokuapp.com/assets/application.js"></script>

So the client serves application.js, and the rails html response gets sent without application.js. Hope this makes sense to everyone, this took me a while to piece together!

All requests blocked by CORS policy on development

If your API doesn't require credentials you should remove withCredentials: true.

More about withCredentials:

The XMLHttpRequest.withCredentials property is a Boolean that indicates whether or not cross-site Access-Control requests should be made using credentials such as cookies, authorization headers or TLS client certificates. Setting withCredentials has no effect on same-site requests.

https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/withCredentials


Related Topics

Ruby Array Element Grouping

Method Referring to a Pulled in Packaged's Method Moves Out of Scope When Put Inside an Objects Method

How to Share Image and Description Using Social_Share_Button in Rails

PDF Generation Hangs Using PDFkit and Wkhtmotopdf

Rails Strong Params - Using Fields from Has_Many Object

+= Operator Overloading in Ruby

How to Put a Raw SQL Query in Sequel

Pass Array Hidden Field in Nested Model Rails

Escaping Parameters in Set_Form_Data Post

Rails Generate Scaffold Error

Complete Web Apps in Ruby Without Using Any Frameworks - How Difficult? Pitfalls

Ruby: "Unexpected Keyword_End"... But All Openers and Closers Match

Rails Controller - Execute Action Only If the a Rails Ujs Method Inside Succeed (Mutually Dependent Methods)

Ancestry Gem in Rails and Mutli Nesting

Randomly Showing Nomethoderror: Undefined Method 'Empty' for 0:Fixnum

Remove Duplicates from Loop

Authorization Issue with Cron Crawler Inserting Data into Google Spreadsheet Using Google API in Ruby

Rake Not Able to Migrate


Leave a reply



Submit