search

cyu / rack-cors

Rack Middleware for handling Cross-Origin Resource Sharing (CORS), which makes cross-origin AJAX possible.
MIT License
3.27k stars 262 forks source link

Simple configuration #174

Closed ghost closed 6 years ago

ghost commented 6 years ago

I'm trying to get it to work with this:

# app/initializers/cors.rb
Rails.application.config.middleware.insert_before 0, Rack::Cors do
  allow do
    origins '*'
    resource '*', headers: :any, methods: :any
  end
end
$ bundle exec rake middleware
use Rack::Cors
use Rack::Sendfile
use ActionDispatch::Static
use ActionDispatch::Executor
use ActiveSupport::Cache::Strategy::LocalCache::Middleware
use Rack::Runtime
use ActionDispatch::RequestId
use RequestStore::Middleware
use ActionDispatch::RemoteIp
use Rails::Rack::Logger
use ActionDispatch::ShowExceptions
use ActionDispatch::DebugExceptions
use Airbrake::Rack::Middleware
use ActionDispatch::Reloader
use ActionDispatch::Callbacks
use ActiveRecord::Migration::CheckPending
use Rack::Head
use Rack::ConditionalGet
use Rack::ETag
use Rack::Attack
use ActionDispatch::Cookies
use ActionDispatch::Session::CookieStore
use ScoutApm::Middleware
use ScoutApm::Instant::Middleware
use OmniAuth::Builder
run SayduckApiRails::Application.routes

But on when I do this request:

GET / HTTP/1.1
Cookie: ...
Host: 127.0.0.1:3000
Connection: close
User-Agent: Paw/3.1.7 (Macintosh; OS X/10.14.0) GCDHTTPRequest

I get this:

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
ETag: W/"3380aceab6542ebcb58f7079068347e4"
Cache-Control: max-age=0, private, must-revalidate
X-Request-Id: bf97124f-0564-44e7-ab8c-fafd47d08495
X-Runtime: 0.005570
Vary: Origin
Connection: close
Transfer-Encoding: chunked

{"say":"🦆"}

I'm not sure what I'm doing wrong. Do I have to do something else to get it to work?

cyu commented 6 years ago

You need to pass a Origin header in your request.

ghost commented 6 years ago

Thanks, works fine now.