search

dchun / QuoteManager

Saas App for Managing Quotes and getting paid
https://quotemanager.boopis.com
0 stars 0 forks source link

CORS Fix #32

Closed dchun closed 9 years ago

dchun commented 9 years ago

I modified the origin header addition in my local environment as a before filter and I don't get a cors error in my browser but it continues to appear when posting to the production server.

What's strange is that it worked fine before when the cors header was added as an after filter.

Could you look into this? Perhaps we can circumvent this issue by just hardcoding the header to allow all requests in the the nginx config files.

phuong3030 commented 9 years ago

I think the problem is the basic authen.

Without basic authen,

success without authen

With basic authen

A form_inline.js file used authen header when we opened site and type username/password. getjs

But POST message, web browser use javascript to make xhr request and it doesn't add basic authen header field to message. failed authen when post

This issue will stop when:

dchun commented 9 years ago

Ha! I forgot about that. Good catch. Let's turn of http auth for subdomains and just leave it for the root.

On Feb 8, 2015, at 6:59 PM, phuong3030 notifications@github.com wrote:

I think the problem is the basic authen.

Without basic authen,

With basic authen

A form_inline.js file used authen header when we opened site and type username/password.

But POST message, web browser use javascript to make xhr request and it doesn't add basic authen header field to message.

— Reply to this email directly or view it on GitHub.

phuong3030 commented 9 years ago

33