Closed JeanMertz closed 12 years ago
Actually, looking further into this issue, I think this is related to the fact that authenticate_user! returns 401 restricted access
because of issues in my app with authenticating. But even so, shouldn't it still return the CORS headers? Because now, the server logs show:
Started GET "/projects" for 127.0.0.1 at 2012-04-20 11:06:07 +0200
[11:06:07] [INFO] [api] Processing by Api::V1::ProjectsController#index as JSON
[11:06:07] [INFO] [api] Completed 401 Unauthorized in 0ms
While the client shows the CORS error, because no headers are returned.
it depends on the order of rack's execution chain. can you dump your middleware chain to see if your rack-cors is inserted before the devise plugin?
Thanks. I solved the issue together with @nov here: nov/rack-oauth2#18
I've been using cyu/rack-cors to provide access my API through XHR requests. This returns the following headers:
However, as soon as I start authenticating the backend using
devise_oauth2_providable
with:authenticate_user!
, the CORS headers are lost and I can no longer access my API:(no response-header is returned and the request simply stops with Status showing as canceled)
Could it be that
devise_oauth2_providable
overrides all previous set headers and therefor the cors headers are no longer sent back? And if so, I couldn't find anything doing this in the gem source, so should I be looking at nov/rack-oauth2 for the problem?