I played with ESA dummy-app and plugged it to a locally created Rails API which uses doorkeeper gem. So the only changes I made in the dummy app:
- I replaced the existing `googleClientID` value with the one I got after declaring dummy app at Rails API.
- I changed `apiHost` value to: `'http://localhost:3000'` in `environment.js`.
- I replaced the URI in `login-form` component in `#authenticateWithGoogleImplicitGrant` action as follows:
```javascript
authenticateWithGoogleImplicitGrant() {
  let clientId = config.googleClientID;
  let redirectURI = `${window.location.origin}/callback`;
  let responseType = `token`;
  // let scope = `email`;
  window.location.replace(`http://localhost:3000/oauth/authorize?`
    + `client_id=${clientId}`
    + `&redirect_uri=${redirectURI}`
    + `&response_type=${responseType}`
    //+ `&scope=${scope}`
  /*window.location.replace(`https://accounts.google.com/o/oauth2/v2/auth?`
    + `client_id=${clientId}`
    + `&redirect_uri=${redirectURI}`
    + `&response_type=${responseType}`
    + `&scope=${scope}`*/
  );
}
```
After logging in to the dummy app and clicking on the `protected page` link, I have the list of posts displayed (I had to generate a scaffold on the Rails API side for posts resources), but in the Terminal I have a weird message:
```
GET /assets/dummy.js 304 0.653 ms - -
Content Security Policy violation:
{
  "csp-report": {
    "blocked-uri": "http://localhost:3000",
    "document-uri": "http://localhost:4200/",
    "original-policy": "style-src http://localhost:4200 'unsafe-inline'; default-src 'none'; script-src http://localhost:4200 http://localhost:7020 http://0.0.0.0:7020 http://undefined:7020; font-src http://localhost:4200; connect-src http://localhost:4200 ws://localhost:7020 ws://0.0.0.0:7020 ws://undefined:7020 http://localhost:4200; img-src http://localhost:4200; media-src http://localhost:4200; report-uri http://localhost:4200/csp-report",
    "referrer": "",
    "violated-directive": "connect-src http://localhost:4200 ws://localhost:7020 ws://0.0.0.0:7020 ws://undefined:7020 http://localhost:4200"
  }
}
```
In the Rails API logs everything seems to be OK:
```
app/controllers/posts_controller.rb:7:in `index'
Started GET "/posts" for 127.0.0.1 at 2018-01-28 15:35:32 +0100
Processing by PostsController#index as application/vnd.api+json
Post Load (0.2ms) SELECT "posts".* FROM "posts"
[active_model_serializers] Rendered ActiveModel::Serializer::CollectionSerializer with ActiveModelSerializers::Adapter::JsonApi (6.44ms)
Completed 200 OK in 29ms (Views: 26.2ms | ActiveRecord: 1.0ms)
```
Why so? Is there any setting on the dummy-app side? Thank you
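
Added example, not part of the original post: a simplified matcher showing why the report above names `connect-src` for `http://localhost:3000`, and that the same request passes once that origin is listed in the directive. The function names and the abridged policy string are constructed for illustration; matching is reduced to exact scheme, host and port.

```javascript
// Added example: simplified CSP source matching (exact scheme, host, port;
// no wildcards, paths, keywords or the spec's scheme-upgrade rules).

// Constructed sample: abridged from the "original-policy" field of the report.
const policy = "default-src 'none'; " +
  "connect-src http://localhost:4200 ws://localhost:7020 ws://0.0.0.0:7020; " +
  "img-src http://localhost:4200";

const DEFAULT_PORTS = { "http:": "80", "https:": "443", "ws:": "80", "wss:": "443" };

// Split a policy string into { directiveName: [source, ...] }.
function parsePolicy(text) {
  const directives = {};
  for (const part of text.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name) directives[name.toLowerCase()] = sources;
  }
  return directives;
}

// Reduce a URL or host-source to scheme, host and an explicit port.
function originParts(url) {
  const u = new URL(url);
  return { scheme: u.protocol, host: u.hostname, port: u.port || DEFAULT_PORTS[u.protocol] || "" };
}

// True when `url` matches a source of `directive`; falls back to default-src.
function isAllowed(policyText, directive, url) {
  const directives = parsePolicy(policyText);
  const sources = directives[directive] ?? directives["default-src"] ?? [];
  const target = originParts(url);
  return sources.some((src) => {
    if (src.startsWith("'")) return false; // 'none', 'self', ... not handled here
    let s;
    try { s = originParts(src); } catch { return false; }
    return s.scheme === target.scheme && s.host === target.host && s.port === target.port;
  });
}

// Return a copy of the policy with `source` appended to `directive`.
function withSource(policyText, directive, source) {
  const directives = parsePolicy(policyText);
  directives[directive] = [...(directives[directive] ?? []), source];
  return Object.entries(directives).map(([n, s]) => [n, ...s].join(" ")).join("; ");
}

const api = "http://localhost:3000/posts"; // the request seen in the Rails log
const fixed = withSource(policy, "connect-src", "http://localhost:3000");
console.log(isAllowed(policy, "connect-src", api), isAllowed(fixed, "connect-src", api));
```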