Comments (6)
I am wondering the same question. I have been testing it, and it doesn't seem to allow it.
from rack-cors.
You may need to set :credentials to false, if you are using a cdn and the cache populating request does not include the Origin header then the cdn will not have the cors headers. This may be a bug in rack-cors where public_resources that do not require credentials should send the cors headers even if no Origin is in the request.
(FYI Chrome does not seem to send the Origin header)
from rack-cors.
I see. Thanks for the message. I have found another gem that allows sending headers on different resources. https://github.com/thomasklemm/butler
from rack-cors.
It looks like all you have to do is make sure Rack::Cors middleware is defined before ActionDispatch::Static:
# config/application.rb
config.middleware.insert_before "ActionDispatch::Static", "Rack::Cors" do
allow do
origins '*'
resource '*',
:headers => :any,
:methods => [:get, :post, :delete, :put, :options],
:max_age => 0
end
end
from rack-cors.
I'm getting the same problem with Rails 4. I wonder if this is still applicable? Not seeing any headers being set at the moment.
from rack-cors.
What kind of stack are you running (unicorn, passenger, etc)? Also, what is the output of rake middleware
and your Cors configuration?
from rack-cors.
Related Issues (20)
- Controller still executes the request although CORS is blocked for this source HOT 1
- Support for Timing-Allow-Origin HOT 5
- Tag for v2.0.0 is missing HOT 3
- Does not work with Rack 3.0.0 HOT 1
- My CORS setup blocks bad urls but not POSTMAN requests HOT 3
- Vulnerabilities in included mocha.js HOT 1
- Stripe api with Cloud9 setup
- Is there any CI? HOT 1
- Cookie session related middleware interferes HOT 3
- Remove/Replace Rack::Utils::HeaderHash HOT 7
- delete the confusing `2.0.0` tag since `v2.0.0` exists? HOT 1
- issue comeback duplicate headers because of header name case HOT 3
- Release version 2.0.1 HOT 2
- How to add Access-Control-Allow-Private-Network header in Option response?
- Why is Rails.application.config.hosts required? HOT 1
- Regex origin woes HOT 2
- Upgrade to rails 7.1.1
- Ressource with $ are not handled as expected
- Access-Control-Allow-Origin is returned only if correct Origin header is available
- Documentation for the frame-ancestors directive?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from rack-cors.