Comments (11)
How is the middleware configured?
from rack-cors.
In staging.rb:
config.middleware.insert_before Warden::Manager, Rack::Cors do
allow do
origins '*'
resource '*', :headers => :any, :methods => [:get, :post, :options]
end
end
from rack-cors.
What's the resource you're trying to access? Unfortunately, files in the public folder will be served directly from nginx, bypassing rails altogether. You can try altering your try_files command like this:
# removed $uri
try_files $uri/index.html $uri.html @app;
This will force all non-html resource through the app. Unfortunately, this will put extra load on the unicorn. You should be able to re-configure nginx to send just the resources you want through the app. Unfortunately, I've never done that before so I don't have any examples of how one would do this.
from rack-cors.
It's an API controller route. The OPTIONS request gets in, but it returns a 404 because the rails app doesn't know what to do with it.
from rack-cors.
I am having this exact same problem. Same stack (nginx+unicorn). Works great in via thin but not in production. I tried @cyu 's suggestion above and it had no effect.
from rack-cors.
+1
from rack-cors.
+1
from rack-cors.
I just did a clean Unicorn/Nginx install of the example Rails app (in examples/rails3) and was able to get my tests to pass. One thing to watch out for is to make sure Rack::Cors is inserted before the ActionDispatch::Static
:
config.middleware.insert_before "ActionDispatch::Static", "Rack::Cors" do
...
end
If you are still having issues, please provide some more information, like:
- Output of
rake middleware
Rack::Cors
config'- The route you're hitting
- The Nginx configuration
from rack-cors.
I'm having this same problem. It seems like nginx is not passing through the headers set by Rack::Cors.
Output of rake middleware
use Rack::Sendfile
use Rack::Cors
use ActionDispatch::Static
use Rack::Lock
use #<ActiveSupport::Cache::Strategy::LocalCache::Middleware:0x00000002126568>
use Rack::Runtime
use Rack::MethodOverride
use ActionDispatch::RequestId
use Rails::Rack::Logger
use ActionDispatch::ShowExceptions
use ActionDispatch::DebugExceptions
use ActionDispatch::RemoteIp
use ActionDispatch::Reloader
use ActionDispatch::Callbacks
use ActiveRecord::Migration::CheckPending
use ActiveRecord::ConnectionAdapters::ConnectionManagement
use ActiveRecord::QueryCache
use ActionDispatch::Cookies
use ActionDispatch::Session::CookieStore
use ActionDispatch::Flash
use ActionDispatch::ParamsParser
use Rack::Head
use Rack::ConditionalGet
use Rack::ETag
run RetailerPortal::Application.routes
Rack::Cors
config in config/application.rb
config.middleware.insert_before "ActionDispatch::Static", "Rack::Cors" do
allow do
origins(/http:\/\/localhost:(\d*)/,
/http:\/\/*\.newecx\.com/,
/http:\/\/*\.ritani\.com/,
/https:\/\/*\.newecx\.com/,
/https:\/\/*\.ritani\.com/
)
resource '/api/v1/*', :headers => :any, :methods => [:get, :post, :put, :delete, :options]
end
end
The route I'm hitting : /api/v1/retailers
The Nginx configuration:
upstream unicorn_retailer_portal {
server unix:/srv/www/retailer_portal/shared/sockets/unicorn.sock fail_timeout=0;
}
server {
listen 80;
server_name retailer_portal oberon;
access_log /var/log/nginx/retailer_portal.access.log;
keepalive_timeout 5;
root /srv/www/retailer_portal/current/public/;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_read_timeout 60;
proxy_send_timeout 60;
# If you don't find the filename in the static files
# Then request it from the unicorn server
if (!-f $request_filename) {
proxy_pass http://unicorn_retailer_portal;
break;
}
}
location /nginx_status {
stub_status on;
access_log off;
allow 127.0.0.1;
deny all;
}
error_page 500 502 503 504 /500.html;
location = /500.html {
root /srv/www/retailer_portal/current/public/;
}
}
from rack-cors.
Well, my problem turned out to be my own fault. I borked the regexes for some of my origins. Instead of /http:\/\/*\.newecx\.com/
I should have had /http:\/\/.*\.newecx\.com/
.
from rack-cors.
Closing this as this is an old issue. I have made at fix wrt OPTIONS requests in the past. Feel free to reopen if this is still happening.
from rack-cors.
Related Issues (20)
- Support for Timing-Allow-Origin HOT 5
- Tag for v2.0.0 is missing HOT 3
- Does not work with Rack 3.0.0 HOT 1
- My CORS setup blocks bad urls but not POSTMAN requests HOT 3
- Vulnerabilities in included mocha.js HOT 1
- Stripe api with Cloud9 setup
- Is there any CI? HOT 1
- Cookie session related middleware interferes HOT 3
- Remove/Replace Rack::Utils::HeaderHash HOT 7
- delete the confusing `2.0.0` tag since `v2.0.0` exists? HOT 1
- issue comeback duplicate headers because of header name case HOT 3
- Release version 2.0.1 HOT 2
- How to add Access-Control-Allow-Private-Network header in Option response?
- Why is Rails.application.config.hosts required? HOT 1
- Regex origin woes HOT 2
- Upgrade to rails 7.1.1
- Ressource with $ are not handled as expected
- Access-Control-Allow-Origin is returned only if correct Origin header is available
- Documentation for the frame-ancestors directive?
- [SECURITY] CVE-2024-27456 - Insecure File Permissions in rack-cors v2.0.1 HOT 15
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from rack-cors.