I've created a Rails [7.0] app using the Shopify CLI v3. It's working well locally, but when I'm trying to access the admin I get this error:
Refused to display 'https://admin.shopify.com/' in a frame because it set 'X-Frame-Options' to 'deny'.
A few modifications I did to the generated app:
- Changed the DB to Postgres
- Added an endpoint and controller to serve static assets from the frontend
I've tried:
- Removed protect from forgery
- include ShopifyApp::EmbeddedApp in the new static files controller
- removed config.public_file_server.enabled from production.rb
I am running the same rails 5.1.5 app in development and production. Everything works as expected in the development environment. In production, I could not serve the static assets in the public folder initially. I set the config.public_file_server.enabled = true in production.rb. However, since every request on my page is behind an authorization (as a :before_action in the application controller), the .js file that sets the authorization cookie is also not served without authorization and my service is caught in a loop. This does not happen in the development mode, and the public assets are not requested through rails routes. I need guidance on how the serving of public assets is different in development and production mode for a rails application.
Well, I believe this could be due to a problem in your production configuration. For example, in production you don't let static resources be served by the Rails process. You should instead set static assets to be served by the web server. You can simply do this by adding the following configuration to your Apache or Nginx virtual files.
DocumentRoot /home/xxx/test/public
root /var/www/phindee/current/public;
I am working on a Ruby on Rails application and it is deployed on AWS Beanstalk. My Beanstalk application has two environments:
- Web Env
  - config:
    - Ruby 2.4.3
    - Rails 5.1.4
    - Puma as App server
    - Nginx as Web Server
    - Uses active_elastic_job
- Worker Env
  - config:
    - Ruby 2.4.3
    - Rails 5.1.4
    - Puma as App server
    - Nginx as Web server
    - Uses Amazon - SQS
    - Uses active_elastic_job
Both Envs use the same repo/codebase and my app was fully configured.
Last week, I came to know that my application is not force redirecting to https. I was able to access my site with https, but accessing it via http or directly via the domain name was not redirecting me to the secure site.
I came across this link https://gist.github.com/petelacey/e35c98f9a35063a89fa9 and after deploying this file using .ebextensions on Web Env, I am now able to redirect to https. Till here, no problem.
But when I tried deploying the same Running version to my Worker Env, my background jobs stopped working.
To troubleshoot that, I ssh into my Worker env and inspected below files:
/var/log/nginx/error.log -- Nothing suspicious found
/var/log/puma/puma.log -- Nothing suspicious found
/var/log/aws-sqsd/default.log -- I see lots of http-err
/var/log/amazon/ssm/errors.log
2018-05-08 11:28:19 ERROR [HandleAwsError # awserr.go.48] [instanceID=i-YYYYYYYYYY] [MessagingDeliveryService] [Association] error when calling AWS APIs. error details - AccessDeniedException: User: arn:aws:sts::XXXXXXXXXX:assumed-role/role/i-YYYYYYYYYY is not authorized to perform: ssm:ListInstanceAssociations on resource: arn:aws:ec2:us-east-1:XXXXXXXXXX:instance/i-YYYYYYYYYY
status code: 400, request id: ''
2018-05-08 11:28:19 ERROR [HandleAwsError # awserr.go.48] [instanceID=i-YYYYYYYYYY] [MessagingDeliveryService] [Association] error when calling AWS APIs. error details - AccessDeniedException: User: arn:aws:sts::XXXXXXXXXX:assumed-role/aws-elasticbeanstalk-ec2-role/i-YYYYYYYYYY is not authorized to perform: ssm:ListAssociations on resource: arn:aws:ssm:us-east-1:XXXXXXXXXX:*
status code: 400, request id: ''
2018-05-08 11:28:19 ERROR [ProcessAssociation # processor.go.157] [instanceID=i-YYYYYYYYYY] [MessagingDeliveryService] [Association] Unable to load instance associations, unable to retrieve associations unable to retrieve associations AccessDeniedException: User: arn:aws:sts::XXXXXXXXXX:assumed-role/aws-elasticbeanstalk-ec2-role/i-YYYYYYYYYY is not authorized to perform: ssm:ListAssociations on resource: arn:aws:ssm:us-east-1:XXXXXXXXXX:*
status code: 400, request id: ''
Before rolling this nginx proxy file, everything was working fine. I am not sure what I did wrong?
Two things I am trying immediately:
Override /etc/nginx/conf.d/proxy.conf on my worker env manually with the old proxy.conf file I have.
Restart nginx to see if job/s are back to normal
But there are a few points I would like to point out here:
Both the ENVs are not supposed to use the same Running version?
If my above approach works, that means I will have 2 different proxy files on different ENV. In future, if I deploy to my worker ENV, it will override the custom one. Can this be skipped?
Thanks for the help in advance!
I got the solution for this. My friend told me to handle this in below way:
STEP:1 inside config/environments/production.rb
change config.force_ssl = true to config.force_ssl = 'web'.eql?(ENV.fetch('EB_ENV', 'web'))
STEP:2 Define the EB_ENV environment variable as web for Web ENV or worker/whatever you like for Worker ENV
Thanks friend! Much appreciated.
I have successfully deployed my Rails app to the Google App Engine (my domain is also hosted by Google), and now I would like to redirect anyone going to my http:// address to my https:// address.
I have found the documentation to do so for a Python app here using the handlers element in the app.yaml file, and have attempted to replicate it in my own.
My app.yaml file now contains this:
handlers:
- url: /.*
  script: config/application.rb
  secure: always
  redirect_http_response_code: 301
However I can still visit http:// without being redirected, and I think that it's because of the script: config/application.rb option that I've passed. I have no idea which file I should use or what that file should contain in a Rails app. Deployment breaks if I do not pass the script option.
Let me know if you need any more info, and thanks in advance for your help!
Well you can enforce SSL through your app's config/environments/production.rb file, you just need to add one line:
Rails.application.configure do
  # Other code...
  config.force_ssl = true # add this line to force HTTPS on production
end
This will do 3 things for your application, actually:
TLS redirect
Secure cookies: Sets the secure flag on cookies
HTTP Strict Transport Security (HSTS)
Read more about your application's configuration at http://guides.rubyonrails.org/configuring.html
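The three effects listed above, and the reason the EB_ENV switch in the earlier Elastic Beanstalk answer brings the worker's jobs back, shown as an added example (not code from any of the posts, and not Rails' own implementation). It assumes the worker's queue daemon delivers jobs as plain-HTTP POSTs to localhost; the class name, header values and requests are constructed for illustration.

```ruby
# Added sketch: a Rack-style model of the three things config.force_ssl enables.
# It is not Rails' implementation; header values and requests are constructed.
class ForceSslSketch
  HSTS = "max-age=31536000; includeSubDomains" # constructed policy value

  def initialize(app)
    @app = app
  end

  def call(env)
    if env["rack.url_scheme"] != "https"
      # 1) TLS redirect: a plain-HTTP request never reaches the application.
      return [301, { "location" => "https://#{env['HTTP_HOST']}#{env['PATH_INFO']}" }, []]
    end

    status, headers, body = @app.call(env)
    headers = headers.dup
    # 2) Secure cookies: add the Secure attribute to every cookie that lacks it.
    if headers["set-cookie"]
      cookies = headers["set-cookie"].split("\n")
      headers["set-cookie"] =
        cookies.map { |c| c =~ /;\s*secure\s*(;|$)/i ? c : "#{c}; secure" }.join("\n")
    end
    # 3) HSTS: tell browsers to use HTTPS for later visits.
    headers["strict-transport-security"] = HSTS
    [status, headers, body]
  end
end

# Constructed inner application that sets a session cookie.
APP = ->(_env) { [200, { "set-cookie" => "_session=abc; path=/; HttpOnly" }, ["ok"]] }

# Mirrors the answer's 'web'.eql?(ENV.fetch('EB_ENV', 'web')) switch.
def stack_for(eb_env)
  "web".eql?(eb_env) ? ForceSslSketch.new(APP) : APP
end

# Builds a constructed Rack-like request environment.
def request(scheme, method: "GET", host: "example.com", path: "/")
  { "rack.url_scheme" => scheme, "REQUEST_METHOD" => method,
    "HTTP_HOST" => host, "PATH_INFO" => path }
end

# Constructed job delivery: a plain-HTTP POST from a local queue daemon.
JOB = request("http", method: "POST", host: "localhost")

def job_status(eb_env)
  stack_for(eb_env).call(JOB).first
end
```

With the switch set to anything other than web, the cookie and HSTS behaviour is off as well, which matters only if that tier ever serves browsers.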
Using localhost:3000 I was able to install the shopify store and interact with it. However, when deploying it into production, which is in a subdirectory (www.website.com/app_name), the "login" for the shop is redirected to root and not to the subdirectory. I whitelisted the redirect urls in the shopify app dashboard.
In omniauth.rb
callback_url: "http://{domain}/{app_name}/auth/shopify/callback"
In routes.rb
mount ShopifyApp::Engine, at: '/{app_name}'
Apart from the code above, the settings for shopify are the ones that the generator created. Any ideas on how to fix this?
Thanks!
When I did that pattern I had to set the prefix for OmniAuth... in my old config.ru that works for this.. see..
use OmniAuth::Builder do
  # allow us to connect this App via the /fooblefuzz route instead of just
  # the root of the heroku app URL /
  configure do |config|
    config.path_prefix = '/fooblefuzz/auth'
  end
end
So this code works as https://www.example.com/fooblefuzz/auth/shopify/callback
I have an action that generates a PDF file and saves it in /public/output.pdf.
When I set
config.serve_static_assets = false
this file can't be found.
What's wrong?
From the documentation:
"config.serve_static_assets configures Rails itself to serve static
assets. Defaults to true, but in the production environment is turned
off as the server software (e.g. Nginx or Apache) used to run the
application should serve static assets instead. Unlike the default
setting set this to true when running (absolutely not recommended!) or
testing your app in production mode using WEBrick. Otherwise you won´t
be able use page caching and requests for files that exist regularly
under the public directory will anyway hit your Rails app."
Which means that if you set that to false, Rails will not serve any assets from your public folder, as it is assumed that a front-end web server (Apache/Nginx) will handle it. This lessens the load on Rails as the front-end server is much, much more efficient at serving files directly.
After testing, I came to this conclusion:
1) When using the command
rails s -e production
Rails will only serve the static files. Any other file created after you compile your assets will not be found.
To handle this, you need to run your application behind a web server like Apache, Nginx or another. These web servers will serve these files for you.
This looks obvious, but not to a beginner.