Ember+Rails devs: what do you do for CORS/OPTIONS responses?

eliotsykes · April 17, 2015, 11:58am

Hi all,

I’m researching into what folks are using for handling CORS with their Rails+Ember apps and would love to read what you’ve done and liked/not liked!

Many thanks,

Eliot

varblob · April 17, 2015, 12:07pm

I’m using the cors gem on the ruby side.

On the ember side I have

Ember.$.ajaxSetup(
  crossDomain: true
)

I found out later I could probably avoid the whole thing by using the --proxy option on ember-cli as long as you don’t need cors in the live env.

eliotsykes · April 18, 2015, 9:41am

@varblob Was this the gem? https://github.com/cyu/rack-cors There is also a cors gem that I think might be tied to use with Amazon S3.

varblob · April 18, 2015, 12:15pm

My apologies, I should have included

# cross origin policy rack middleware
gem 'rack-cors', require: 'rack/cors'

and here is what my cors initializer looks like

Rails.application.config.middleware.insert_before 0, "Rack::Cors", debug: true, logger: (-> { Rails.logger }) do
  allow do
    origins 'originoftheemberapp', 'anotheremberapporigin'

    resource '*',
      headers: :any,
      methods: [:get, :post, :delete, :put, :options, :head],
      credentials: true,
      max_age: 0
  end
end

Let me know if that does it for you. I think I picked out the important bits but I maybe missing something. This is also assuming you’re not using cookies for auth. If you are then you need to also include

Ember.$.ajaxSetup(
  crossDomain: true
  xhrFields:
    withCredentials: true <-- this bit
)

and I think you need this too but it maybe redundant

ApplicationAdapter = DS.ActiveModelAdapter.extend(
  corsWithCredentials: true <-- this bit
)

If you’re using devise cookie based sessions and ember-simple-auth this may also be interesting WARNING this is not the default way to use simple-auth and devise

eliotsykes · April 19, 2015, 7:03pm

Thanks for the awesome answer @varblob

varblob · April 20, 2015, 12:42pm

@eliotsykes

I realize I didn’t note that cookie based auth for devise with ember-simple-auth is not the default way. ember-simple-auth uses token based authentication by default.

OpakAlex · April 24, 2015, 3:00pm

it’s all

    if request.headers["HTTP_ORIGIN"]
      headers['Access-Control-Allow-Origin']       = '*'
      headers['Access-Control-Expose-Headers']     = 'ETag'
      headers['Access-Control-Allow-Methods']      = 'GET, POST, PUT, DELETE, OPTIONS, HEAD'
      headers['Access-Control-Allow-Headers']      = 'x-requested-with, Content-Type, origin, authorization, accept, client-security-token'
    end

fguillen · November 21, 2015, 9:46pm

It is not working for me. It works for the GET method but when I try to update a Ember Model into the Rails backend, the first request that Ember does is a OPTIONS request and looks like the rack-cors is not managing this request because I’m receiving a No route matches [OPTIONS] error.

I don’t know what I’m missing, I have open a bug report in the rack-cors repo.

Topic		Replies	Views
CORS or ActiveModel Serializer (ember+rails)(ANSWERED)	9	1667	November 19, 2016
A Rails and Ember.js (With the Ember CLI) Tutorial	5	2090	May 24, 2016
Ember-Simple-Auth	4	3487	December 1, 2013
Using ember-cli with a subdomain-based API Ember CLI	5	3279	March 27, 2015
Ember-Data and CORS Ember Data	3	22344	January 21, 2014

Ember+Rails devs: what do you do for CORS/OPTIONS responses?

Related topics