javascript - Rails and CORS: why am I only seeing the OPTIONS request? -


i having horrible time trying cors working in json api rails app.

i have event model , associated controller. events belong registeredapplications.

# routes.rb rails.application.routes.draw    root 'registered_applications#index'    resources :registered_applications    namespace :api, defaults: { format: :json }     # option http verb     match '/events', to: 'events#create', via: [:options]     resources :events, only: [:create]   end    devise_for :users  end 
# events_controller.rb class api::eventscontroller < applicationcontroller    skip_before_filter :verify_authenticity_token   before_filter :cors_preflight_check   after_filter :cors_set_access_control_headers    # if preflight options request, short-circuit request,   # return necessary headers , return empty text/plain.   def cors_preflight_check     if request.method == :options       headers['access-control-allow-origin'] = '*'       headers['access-control-allow-methods'] = 'post, get, options'       headers['access-control-allow-headers'] = 'x-requested-with, x-prototype-version'       headers['access-control-max-age'] = '1728000'       render :text => '', :content_type => 'text/plain'     end   end    # responses in controller, return cors access control headers.   def cors_set_access_control_headers     headers['access-control-allow-origin'] = '*'     headers['access-control-allow-methods'] = 'post, get, options'     headers['access-control-max-age'] = "1728000"   end    def create     registered_application = registeredapplication.find_by(url: request.env['http_origin'])      if registered_application.nil?       render json: "unregistered application", status: :unprocessable_entity     else       event = registered_application.events.new(event_params)        if event.save         render json: @event, status: :created       else         render @event.errors, status: :unprocessable_entity       end     end   end  private    def event_params     params.permit(:name)   end  end

the javascript i'm using send new click events rails app:

$( document ).ready(function() {   $( window ).click( function() {       metrics.report("click");   }); });  var metrics = {};  metrics.report = function(eventname) {   var event = { name: eventname };   var request = new xmlhttprequest();    request.open("post", "http://localhost:3000/api/events", true);   request.setrequestheader('content-type', 'application/json');    request.send(json.stringify(event)); }

there 2 issues:

1) when make request via above javascript (from within web page) xmlhttprequest cannot load http://localhost:3000/api/events. request header field content-type not allowed access-control-allow-headers error. rails api requires request in json don't know supposed that. if comment out setrequestheader() line error goes away rails app doesn't receive initial http options request.

2) on rails app side see options request second (post) request never occurs. thing in log:

started options "/api/events" ::1 @ 2015-08-30 12:54:17 -0400 processing api::eventscontroller#create json   registeredapplication load (0.2ms)  select  "registered_applications".* "registered_applications" "registered_applications"."url" = $1  order created_at desc limit 1  [["url", "http://localhost:2222"]] unpermitted parameter: format    (0.1ms)  begin   sql (0.4ms)  insert "events" ("registered_application_id", "created_at", "updated_at") values ($1, $2, $3) returning "id"  [["registered_application_id", 21], ["created_at", "2015-08-30 16:54:17.751257"], ["updated_at", "2015-08-30 16:54:17.751257"]] (0.4ms)  commit completed 201 created in 11ms (views: 0.1ms | activerecord: 1.1ms)

am missing obvious?

i think need add headers['access-control-allow-headers'] = "content-type" in cors_set_access_control_headers function in server-side code.

my rails api requires request in json don't know supposed that. if comment out setrequestheader() line error goes away rails app doesn't receive initial http options request.

per cors spec, if send content-type request header value that’s other application/x-www-form-urlencoded, multipart/form-data, or text/plain, cors preflight options request sent.

so, when send content-type header value application/json, triggers options request. when drop setrequestheader() line, no custom content-type header sent (and no other custom “author” headers), in case, no cors preflight required, no options request made.


-

Comments

Post a Comment

Popular posts from this blog

c# - Binding a comma separated list to a List<int> in asp.net web api -

the default binder in web api expecst http://url.com/webapi/report/?pageids=3243&pageids=2365 to bind public ihttpactionresult report(list<int> pageids){ // exciting webapi code} i wish bind http://url.com/webapi/report/?pageids=3243,2365 as running out of space in url get . i have created class public class commaseparatedmodelbinder : system.web.http.modelbinding.imodelbinder { public bool bindmodel(httpactioncontext actioncontext, modelbindingcontext bindingcontext) { //binding in here } } and registered in webapiconfig.cs var provider = new simplemodelbinderprovider( typeof(list<int>), new commaseparatedmodelbinder()); config.services.insert(typeof(modelbinderprovider), 0, provider); i have altered method signature use model binder so public ihttpactionresult report( [modelbinder] list<int> pageids){ // exciting webapi code} however break point in binder not being
Read more

Delphi 7 and decode UTF-8 base64 -

in delphi 7, have widestring encoded base64(that received web service widestring result) : pd94bwwgdmvyc2lvbj0ims4wij8+dqo8c3ryaw5nptiq2lpyqjwvc3ryaw5npg== when decoded it, result not utf-8: <?xml version="1.0"?> <string>طھط³طھ</string> but when decoded base64decode.org, result true : <?xml version="1.0"?> <string>تست</string> i have use encddecd unit decodestring function. the problem have using decodestring . function, in delphi 7, treats decoded binary data being ansi encoded. , problem text utf-8 encoded. to continue encddecd unit have couple of options. can switch decodestream . instance, code produce utf-8 encoded text file data: {$apptype console} uses classes, encddecd; const data = 'pd94bwwgdmvyc2lvbj0ims4wij8+dqo8c3ryaw5nptiq2lpyqjwvc3ryaw5npg=='; var input: tstringstream; output: tfilestream; begin input := tstringstream.create(data); try output := tfilestream.
Read more

html - Is there any way to exclude a single element from the style? (Bootstrap) -

so, have img logo, overlaid on div styled background-image: url("...") , , both elements inside 2 div classes .to-color , .to-overlay respectively, black transparent overlay. is there way exclude logo style given these 2 classes? here's jsfiddle example: link html , css example: - html - <div class="to-color"> <div class="to-overlay"> <div class="respo"> <div class="row"> <div class="col-xs-4 col-xs-offset-4 text-center"> <img src="http://ansonalex.com/wp-content/uploads/2011/06/google-logo-768x260.png" alt="..." class="img-responsive"> </div> </div> </div> </div> </div> - css - .to-color { background-color: #000; } .to-overlay { opacity : 0.5; } .respo { background-image: url("https://source.unsplash.com/category/objects/1600x900"); background-position: center center;
Read more