I am using react for the front end and Ruby on Rails for the back end. I am using version 2.6.1 for ruby on rails.
When I started my application I am getting an error saying...
"Access to fetch at 'http://localhost:3000/profile' from origin 'http://localhost:3001' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled."
Related
I have received the error message while working with Angular 7
localhost/:1 Access to XMLHttpRequest at 'http://localhost:58523/api/DashboardLoaderService/1' from origin 'http://localhost:59484' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
I received the following
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at <my-ip-address> (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
after calling the rest server from my angular app, the code was working perfect when I was using local rest server
I am trying to use omniauth for authentication in my rails/react app using the shopify strategy.
After sending the user to the omniauth path:
SessionsController
def authenticate
redirect_to "/auth/shopify?shop=#{params[:shop]}"
end
Omniauth is sending a 302 redirect to my browser:
Rails Output
(shopify) Setup endpoint detected, running now.
(shopify) Request phase initiated.
127.0.0.1 - - [29/Mar/2018:15:02:40 DST] "GET /auth/shopify?shop=xxx.myshopify.com HTTP/1.1" 302 280
http://localhost:8082/ -> /auth/shopify?shop=xxx.myshopify.com
After that happens, a CORS error appears in my browser:
Failed to load https://x.myshopify.com/admin/oauth/authorize?client_id=x&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Fshopify%2Fcallback&response_type=code&scope=read_products&state=x:
Redirect from 'https://x.myshopify.com/admin/oauth/authorize?client_id=x&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Fshopify%2Fcallback&response_type=code&scope=read_products&state=x'
to 'https://x.myshopify.com/admin/auth/login' has been blocked by CORS policy:
No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'null' is therefore not allowed access.
This causes my fetch request to fail without anything in the error object.
How can I prevent this error?
I'm using a C9 AWS instance to run an API REST written in ruby on rails, and i'm consuming the resources from an Ionic App with simple http calls.
When i make a http request from the ionic app, the server response with this message:
Failed to load https://the_server.vfs.cloud9.us-east-2.amazonaws.com/resource: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8100' is therefore not allowed access. The response had HTTP status code 404.
How can I enable the CORS in the Cloud 9 instance ?
I have already enable the CORS in rails with the rack-cors gem
The call to https://the_server.vfs.cloud9.us-east-2.amazonaws.com/resource is being handled by a proxy. To allow CORS, you need to call the server directly. You can do that
by connecting to the server IP address, and opening the correct ports. It's described here: https://docs.aws.amazon.com/cloud9/latest/user-guide/app-preview.html?icmpid=docs_ac9_ide#app-preview-share
I am upgrading Rails application from Rails 4.1.1 to Rails 5.1.4.
I have 2 applications, One is Web app(using for angular), and other is API app.
What I am doing, I am sending request from Web app(Rails with Angular) and fetching data from API app. But when I send request from Web app got error mentioned below:
Failed to load http://api.myapp:3001/user: Response to preflight
request doesn't pass access control check: The value of the
'Access-Control-Allow-Origin' header in the response must not be the
wildcard '*' when the request's credentials mode is 'include'. Origin
'http://myapp:3000' is therefore not allowed access. The credentials
mode of requests initiated by the XMLHttpRequest is controlled by the
withCredentials attribute.
http://myapp:3000' -> Web application and request sending to API
http://api.myapp:3001/user -> API application to send response
After google the issue, I found one gem called rack-cors.
In Web and API both application, I have added
config.middleware.insert_before 0, Rack::Cors do
allow do
origins '*'
resource '*', :headers => :any, :methods => [:get, :post, :options]
end
end
But still getting the issue. Please let me know.
Well, the message:
The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include']
Seems that you are sending credential information from your Angular application and the domain is not whitelisted. You could try, for test, set withCredentials to false, or permit the domain.
This could help you: http://50linesofco.de/post/2017-03-06-cors-a-guided-tour