Comments (11)
cyu
commented on July 23, 2024
How is the middleware configured?
from rack-cors.
calvinl
commented on July 23, 2024
In staging.rb:
config.middleware.insert_before Warden::Manager, Rack::Cors do
allow do
origins '*'
resource '*', :headers => :any, :methods => [:get, :post, :options]
end
end
from rack-cors.
cyu
commented on July 23, 2024
What's the resource you're trying to access? Unfortunately, files in the public folder will be served directly from nginx, bypassing rails altogether. You can try altering your try_files command like this:
# removed $uri
try_files $uri/index.html $uri.html @app;This will force all non-html resource through the app. Unfortunately, this will put extra load on the unicorn. You should be able to re-configure nginx to send just the resources you want through the app. Unfortunately, I've never done that before so I don't have any examples of how one would do this.
from rack-cors.
calvinl
commented on July 23, 2024
It's an API controller route. The OPTIONS request gets in, but it returns a 404 because the rails app doesn't know what to do with it.
from rack-cors.
jesseadams
commented on July 23, 2024
I am having this exact same problem. Same stack (nginx+unicorn). Works great in via thin but not in production. I tried @cyu 's suggestion above and it had no effect.
from rack-cors.
toxaq
commented on July 23, 2024
+1
from rack-cors.
ksiomelo
commented on July 23, 2024
+1
from rack-cors.
cyu
commented on July 23, 2024
I just did a clean Unicorn/Nginx install of the example Rails app (in examples/rails3) and was able to get my tests to pass. One thing to watch out for is to make sure Rack::Cors is inserted before the ActionDispatch::Static:
config.middleware.insert_before "ActionDispatch::Static", "Rack::Cors" do
...
endIf you are still having issues, please provide some more information, like:
- Output of
rake middleware Rack::Corsconfig'- The route you're hitting
- The Nginx configuration
from rack-cors.
jagthedrummer
commented on July 23, 2024
I'm having this same problem. It seems like nginx is not passing through the headers set by Rack::Cors.
Output of rake middleware
use Rack::Sendfile
use Rack::Cors
use ActionDispatch::Static
use Rack::Lock
use #<ActiveSupport::Cache::Strategy::LocalCache::Middleware:0x00000002126568>
use Rack::Runtime
use Rack::MethodOverride
use ActionDispatch::RequestId
use Rails::Rack::Logger
use ActionDispatch::ShowExceptions
use ActionDispatch::DebugExceptions
use ActionDispatch::RemoteIp
use ActionDispatch::Reloader
use ActionDispatch::Callbacks
use ActiveRecord::Migration::CheckPending
use ActiveRecord::ConnectionAdapters::ConnectionManagement
use ActiveRecord::QueryCache
use ActionDispatch::Cookies
use ActionDispatch::Session::CookieStore
use ActionDispatch::Flash
use ActionDispatch::ParamsParser
use Rack::Head
use Rack::ConditionalGet
use Rack::ETag
run RetailerPortal::Application.routes
Rack::Cors config in config/application.rb
config.middleware.insert_before "ActionDispatch::Static", "Rack::Cors" do
allow do
origins(/http:\/\/localhost:(\d*)/,
/http:\/\/*\.newecx\.com/,
/http:\/\/*\.ritani\.com/,
/https:\/\/*\.newecx\.com/,
/https:\/\/*\.ritani\.com/
)
resource '/api/v1/*', :headers => :any, :methods => [:get, :post, :put, :delete, :options]
end
end
The route I'm hitting : /api/v1/retailers
The Nginx configuration:
upstream unicorn_retailer_portal {
server unix:/srv/www/retailer_portal/shared/sockets/unicorn.sock fail_timeout=0;
}
server {
listen 80;
server_name retailer_portal oberon;
access_log /var/log/nginx/retailer_portal.access.log;
keepalive_timeout 5;
root /srv/www/retailer_portal/current/public/;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_read_timeout 60;
proxy_send_timeout 60;
# If you don't find the filename in the static files
# Then request it from the unicorn server
if (!-f $request_filename) {
proxy_pass http://unicorn_retailer_portal;
break;
}
}
location /nginx_status {
stub_status on;
access_log off;
allow 127.0.0.1;
deny all;
}
error_page 500 502 503 504 /500.html;
location = /500.html {
root /srv/www/retailer_portal/current/public/;
}
}
from rack-cors.
jagthedrummer
commented on July 23, 2024
Well, my problem turned out to be my own fault. I borked the regexes for some of my origins. Instead of /http:\/\/*\.newecx\.com/ I should have had /http:\/\/.*\.newecx\.com/.
from rack-cors.
cyu
commented on July 23, 2024
Closing this as this is an old issue. I have made at fix wrt OPTIONS requests in the past. Feel free to reopen if this is still happening.
from rack-cors.
Related Issues (20)
- Support for Timing-Allow-Origin HOT 5
- Tag for v2.0.0 is missing HOT 3
- Does not work with Rack 3.0.0 HOT 1
- My CORS setup blocks bad urls but not POSTMAN requests HOT 3
- Vulnerabilities in included mocha.js HOT 1
- Stripe api with Cloud9 setup
- Is there any CI? HOT 1
- Cookie session related middleware interferes HOT 3
- Remove/Replace Rack::Utils::HeaderHash HOT 7
- delete the confusing `2.0.0` tag since `v2.0.0` exists? HOT 1
- issue comeback duplicate headers because of header name case HOT 3
- Release version 2.0.1 HOT 2
- How to add Access-Control-Allow-Private-Network header in Option response?
- Why is Rails.application.config.hosts required? HOT 1
- Regex origin woes HOT 2
- Upgrade to rails 7.1.1
- Ressource with $ are not handled as expected
- Access-Control-Allow-Origin is returned only if correct Origin header is available
- Documentation for the frame-ancestors directive?
- [SECURITY] CVE-2024-27456 - Insecure File Permissions in rack-cors v2.0.1 HOT 15
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from rack-cors.