Closed Evlos closed 3 years ago
Hi @Evlos , did you solve? It seems to me that the gem isn't working with Rails 6. Thanks
Hi @Evlos , did you solve? It seems to me that the gem isn't working with Rails 6. Thanks
Hi, the issue disappeared after I ran rails app:update
instead of creating a new Rails 6 project and diff every file manually.
I can't get rack cors to work on rails 6 neither
Hi @Evlos - which changes did you have to make? I have been on Rails 6 for a while now, I don't think it would make much sense to use app:update now.
Hi @Evlos - which changes did you have to make? I have been on Rails 6 for a while now, I don't think it would make much sense to use app:update now.
Hi, I have reviewed my git commits about this upgrade. And there has been nothing much helpful changes except the changes made through app:update.
.drone.yml | 4 +-
.rubocop.yml | 2 +-
Gemfile | 30 +++----
Gemfile.lock | 346 ++++++++++++++++++++++++++++++++++++++++++++----------------------------------
app/assets/config/manifest.js | 2 +
bin/bundle | 115 +++++++++++++++++++++++++-
bin/rails | 5 ++
bin/rake | 5 ++
bin/setup | 16 ++--
bin/spring | 10 ++-
bin/yarn | 6 +-
config/application.rb | 26 ++++--
config/boot.rb | 1 +
config/cable.yml | 5 +-
config/database.yml | 10 ++-
config/environments/development.rb | 41 ++++++++--
config/environments/production.rb | 47 ++++++++---
config/environments/test.rb | 30 ++++---
config/initializers/assets.rb | 2 +-
config/initializers/content_security_policy.rb | 28 +++++++
config/initializers/inflections.rb | 6 +-
config/initializers/new_framework_defaults.rb | 2 +-
config/initializers/new_framework_defaults_6_0.rb | 45 +++++++++++
config/locales/en.yml | 2 +-
config/puma.rb | 34 ++------
config/routes.rb | 2 +-
config/secrets.yml | 22 -----
config/spring.rb | 12 +--
config/storage.yml | 34 ++++++++
I'm using ruby '~> 2.7.1' and rack-cors (1.1.1). Also here are my config/application.rb, maybe there are some conflicts between frameworks and gems that I accidently avoid by doing like this.
require "rails"
# Pick the frameworks you want:
require "active_model/railtie"
require "active_job/railtie"
require "active_record/railtie"
# require "active_storage/engine"
require "action_controller/railtie"
# require "action_mailer/railtie"
# require "action_mailbox/engine"
# require "action_text/engine"
# require "action_view/railtie"
# require "action_cable/engine"
# require "sprockets/railtie"
# require "rails/test_unit/railtie"
...
I'm also having problems wrt to rails 6.0.2.2 - no errors, but no cors http header in the output either.
@Evlos could you reopen this issue please?
I'm also having problems wrt to rails 6.0.2.2 - no errors, but no cors http header in the output either.
@Evlos could you reopen this issue please?
Of course.
Upgrading from Rails 5.0 to Rails 5.2 is also breaking this. Now, we get
Access to XMLHttpRequest at
'<url>' from origin
'http://localhost:8080' has been blocked by CORS
Update:
It's working on my end but another dev in our team is reporting this.
So, I guess this is something to do with his browser setting or one of his Chrome's extension.
No matter how I many times I try, it's working here. The CORS headers are there too.
More update
In case someone read this, the CORS problem is raised because of nginx proxies rejects the large file upload and close connection with 413 request too large.
And because there's no response from server, and the XHR uploads which send request to server with different host (from local host) raised the CORS.
Alright - I built a Rails 6 app from scratch, copied over the pretty much same setup I had in my Rails 5 example and ran through my CORS test. All green (after fixing a test bug).
One thing to note: Rails 6 has functionality built-in to block unknown hosts: https://guides.rubyonrails.org/configuring.html#configuring-middleware
If the above doesn't fix your problem, I'll need more information. I'll wait a bit, but I plan on closing this issue unless new info is provided. I've checked in the example and updated the README to reflect the information I've provided here: [#206]
@kevinhq the above solution isn't going to fix your issue, but you're giving me nothing here I can help you with. Can you create a new ticket with your config and details of how you're testing?
Our CORS policy is refering to localhost:4200, to enable angular development. AFAIR, cors in rails 5 was fine. According to https://guides.rubyonrails.org/configuring.html#configuring-middleware localhost is known by default - still, #206 refers to an wildcard DNS record related to 127.0.0.1.
@yanosz Can you provide your middleware configuration, and maybe the network response you're seeing from with in Chrome DevTools?
Also, if you add the debug and logger options like in the example below, the middleware will dump headers and log that will help diagnose your issue:
https://github.com/cyu/rack-cors/blob/master/examples/rails5/config/initializers/cors.rb#L1
@cyu - Nvm about the problem I mentioned earlier. It turns out to be working when I am trying it myself. See my update above.
well, I've to admit, that' I'm having problem to repduce this issue as of now. Everything seem to be working correctly.
@cyu Thanks four the quick response and help - especially for creating an example almost instantly! You rock. I'd like to apologies for spamming this bug tracker. Maybe, its the tide of confusion driving me here.
I had a similar problem when I updated rack-cors from 0.4.1 to 1.0.5.
diff --git a/config/environments/development.rb b/config/environments/development.rb
index b9609b9..06cb916 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -55,8 +55,8 @@ Rails.application.configure do
# Allow any request from any origin on any resource
config.middleware.insert_before 0, Rack::Cors do
allow do
- origins '*'
- resource '*', headers: :any, methods: :any
+ origins 'localhost:3001'
+ resource '*', headers: :any, methods: :any, credentials: true
end
end
end
After the update, I needed to include the "Access-Control-Allow-Credentials: true"
header. This is needed for passing cookie credentials.
Note that a wildcard in the origin can't be used with
credentials: true
.
I solved this by setting up rack-cors in an initializer rather than in application.rb.
For those running Rails 6 trying to authorize ALL hosts, make it nil!
Rails.application.config.hosts = nil
You might also want to clean your hosts config by running Rails.application.config.hosts.clear just before setting it to nil.
Source
@julesmaregiano Rails.application.config.hosts
is not part of the rack-cors middleware, but a new feature of Rails 6:
https://guides.rubyonrails.org/configuring.html#configuring-middleware
Closing this issue as it has become a mix of unrelated configuration issues. Rack CORS is compatible with Rails 6. And I do believe issues identified here have seen some kind of resolution in some way.
Hi @Evlos , did you solve? It seems to me that the gem isn't working with Rails 6. Thanks
Hi, the issue disappeared after I ran
rails app:update
instead of creating a new Rails 6 project and diff every file manually.
me too. I did rails app:update
and then the cors.rb
file is replaced. After that I uncomment the new code and it works.
Also add "Origin: http://localhost"
in the postman request header
Hi all,
It seems rack-cors is not working on Rails 6.0.2.2 with workable configuration from Rails 5.1.
Thank you.