cyu / rack-cors

Rack Middleware for handling Cross-Origin Resource Sharing (CORS), which makes cross-origin AJAX possible.
MIT License

Internal Server Error 500 #159

Closed English3000 closed 6 years ago

English3000 commented 6 years ago

ERROR MSG:

Error: Request failed with status code 500
Stack trace:
[42]/</t.exports@http://crdwk.herokuapp.com/packs/bundle-ecc8ea14dbe153e50352.js:1:89311
[42]/</t.exports@http://crdwk.herokuapp.com/packs/bundle-ecc8ea14dbe153e50352.js:1:251725
[42]/</t.exports/</d[h]@http://crdwk.herokuapp.com/packs/bundle-ecc8ea14dbe153e50352.js:1:88311

Ruby version: 2.3 Rails version: 5.1

I have a server-side rendered, client-side hydrated React/Rails app (using gem 'react-rails').

I added the gem 'rack-cors' plus setup in application.rb in order for my requests to work (I'm using axios). However, signing out (a DELETE request) fails and hitting refresh erases the current user. Neither issue occurs locally.

Here's the app: http://crdwk.herokuapp.com

And the repo: https://github.com/English3000/crdwk

cyu commented 6 years ago

@English3000 What is leading you to the conclusion that this is an issue with the middleware?

English3000 commented 6 years ago

I don't know for sure. This is just what stuff I read online was indicating.

What do you think is the issue? Do you think it's with axios? Or react-rails?

cyu commented 6 years ago

@English3000 I don't know – there really isn't enough diagnostic to know what the issue is. What do the logs say? Looks like you got a 500 error from the server, so there should be an error in your logs.

English3000 commented 6 years ago

From Heroku:

Completed 500 Internal Server Error in 8ms (ActiveRecord: 0.0ms)
NoMethodError (undefined method `reset_token' for nil:NilClass):
app/controllers/application_controller.rb:29:in `sign_out'
app/controllers/api/sessions_controller.rb:3:in `destroy'

Given that the current user does not persist on hitting refresh, the issue is that the current user somehow isn't getting set.

However, this is not an issue in development. Why would that be?

Hence my thought that it must be a package/gem issue.

English3000 commented 6 years ago

Looking through my project, the only difference I can find on the backend as compared with a client-side rendered one (which I literally copy & pasted the code for this project from) is this line in application_controller.rb:

skip_before_action :verify_authenticity_token

However, if I comment out this line, when I try to sign up, I get the server error:

Started POST "/api/users" for 127.0.0.1 at 2018-03-05 12:16:57 -0800
Processing by Api::UsersController#create as JSON
  Parameters: {"user"=>{"email"=>"", "password"=>"[FILTERED]"}}
Can't verify CSRF token authenticity.
Completed 422 Unprocessable Entity in 1ms (ActiveRecord: 0.0ms)

ActionController::InvalidAuthenticityToken - ActionController::InvalidAuthenticityToken:

This is as a result of using gem 'react-rails'.

There isn't an "authenticity_token" parameter, but in the form I have a hidden input with a server-side rendered form_authenticity_token I passed to the client-side's store via the window.

Additionally, in my api.js I do the following axios configuration:

axios.defaults.xsrfHeaderName = "X-CSRFTOKEN";
axios.defaults.xsrfCookieName = "XCSRF-TOKEN";

How do I pass the authenticity token properly in my request?

English3000 commented 6 years ago

Figured it out:

const csrfToken = document.querySelector("meta[name=csrf-token]").content;
axios.defaults.headers.common["X-CSRF-Token"] = csrfToken;

So it's not a gem 'rack-cors' issue.

Still need a way to access the csrf token with React Native...
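An added example, not part of the thread or of rack-cors: a header set through axios.defaults.headers.common goes out on every request the instance makes, including cross-origin ones, so this sketch attaches the Rails token only to same-origin requests that Rails actually checks (anything other than GET and HEAD) and tolerates a missing meta tag. The function names are hypothetical; `doc` is assumed to be the browser `document` and `pageOrigin` to be `window.location.origin`.

```javascript
// Added example; readCsrfToken, csrfHeadersFor and installCsrfInterceptor are hypothetical names.
// Rails skips the authenticity check for GET and HEAD, so only other methods need the token.
const SAFE_METHODS = new Set(["GET", "HEAD"]);

// Read the token that Rails' csrf_meta_tags helper renders into <head>.
// Returns null instead of throwing when the tag is absent.
function readCsrfToken(doc) {
  const meta = doc.querySelector("meta[name=csrf-token]");
  return meta && meta.content ? meta.content : null;
}

// Decide which CSRF headers a single request should carry.
function csrfHeadersFor(doc, method, url, pageOrigin) {
  if (SAFE_METHODS.has(String(method || "GET").toUpperCase())) return {};
  // Resolve relative URLs against the page; never send the token to another origin.
  if (new URL(url, pageOrigin).origin !== pageOrigin) return {};
  const token = readCsrfToken(doc);
  return token ? { "X-CSRF-Token": token } : {};
}

// Apply the same decision to every request of an axios instance.
function installCsrfInterceptor(axiosInstance, doc, pageOrigin) {
  axiosInstance.interceptors.request.use((config) => {
    // Only the origin matters here, so baseURL is resolved against the page first.
    const base = new URL(config.baseURL || "/", pageOrigin);
    const target = new URL(config.url || "", base).href;
    config.headers = config.headers || {};
    Object.assign(config.headers, csrfHeadersFor(doc, config.method, target, pageOrigin));
    return config;
  });
}

// Browser usage (assumes axios is already loaded):
//   installCsrfInterceptor(axios, document, window.location.origin);
```

The token is read at request time rather than once at load, so a page that re-renders the meta tag keeps working.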