AMP Access-Control-Allow-Credentials Error - ruby-on-rails

I have problem After google cache my AMP page. I am implementing amp page with rails 5. Using rake-cors gem for cross-origin. Normally page working fine but after the cache is shown console error.
Error:
The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'. Origin 'https://www-myurl-in.cdn.ampproject.org' is therefore not allowed access.
config/application.rb
config.middleware.insert_before 0, Rack::Cors do
allow do
origins 'https://www-myurl-in.cdn.ampproject.org'
resource '*', :headers => :any, :methods => [:get, :post, :options]
end
end
I don't know where I change in my code, Please help me.

After modifying Response Header its working fine.
response.headers['AMP-Redirect-To'] = request.protocol+request.host_with_port+url
response.headers['Access-Control-Expose-Headers'] = 'AMP-Redirect-To, AMP-Access-Control-Allow-Source-Origin'
response.headers['AMP-Access-Control-Allow-Source-Origin'] = params[:__amp_source_origin]

Related

Cannot fetch data from Rails at ReactJS

I am using front-end source is ReactJS at port 5555, and my back-end is Rails at port 8888. I was trying to fetch data from Rails at React by using:
const url = 'http://localhost:8888/problems';
fetch(url)
.then(res => {
res.json();
})
.then(response => {
console.log(response);
})
.catch(error => {
console.log(error);
});
but I was received the message:
Access to fetch at 'http://localhost:8888/problems' from origin 'http://localhost:5555' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
I have no idea about that error. Please help me to fix it
Read more about CORS
to fix this, you need rack-cors gem in your Gemfile gem 'rack-cors'
in config/application.rb
# Rails 5
config.middleware.insert_before 0, Rack::Cors do
allow do
origins '*'
resource '*', headers: :any, methods: [:get, :post, :options]
end
end
# Rails 3/4
config.middleware.insert_before 0, "Rack::Cors" do
allow do
origins '*'
resource '*', headers: :any, methods: [:get, :post, :options]
end
end
that would suffice for your local right now. You will need to modify it if you deploy your code.
As comment said, this is a CORS error.
You could fix it according to this question allow-anything-through-cors-policy

Check origin in Rails 5 API

I'm building an app with Rails 5 API. Currently, anyone sending request to my rails server can receive response.
I want to process only those requests whose origin is mydomain.com
How can I do so?
I believe you'll want to implement CORS on your API.
Simply add rack-cors gem.
And add:
#config/application.rb
config.middleware.insert_before 0, Rack::Cors do
allow do
origins 'mydomain.com' resource '*', :headers => :any, :methods => [:get, :post, :options]
end
end
Please read carefully its documentation
You'll find very useful information there.

No Access-Control-Allow-Origin header

I am out of ideas. I made a small app for a friend who is using it in a school. As long as it is on non-school internet, it works fine. At school, though, there are two buttons that don't work. They both are making an ajax request to a different controller. They give a no access-control-allow-origin header error. I have tried every fix that I can find, and nothing will work. I am out of ideas. The current iteration involves the rack-cors gem, which I have below. I have also tried the fixes at
CORS issue: Getting error "No 'Access-Control-Allow-Origin' header is present" when it actually is, XMLHttpRequest No 'Access-Control-Allow-Origin' header is present on the requested resource, http://www.yihangho.com/rails-cross-origin-resource-sharing/, and http://leopard.in.ua/2012/07/08/using-cors-with-rails/. Is there anything else I can do?
config.ru
require 'rack/cors'
use Rack::Cors do
allow do
origins '*'
resource '*',
:headers => :any,
:methods => [:get, :post, :delete, :put, :options, :patch]
end
end
application.rb
config.middleware.insert_before 0, "Rack::Cors" do
allow do
origins '*'
resource '*', headers: :any, methods: [:get, :post, :patch, :options, :put]
end
end
CORS is designed to prevent cross domain XML requests.
I'm not sure as to the specific reasons for this, but the short of it is that if you try and hit an external domain with Ajax (without CORS permissions granted), it will be denied.
As long as it is on non-school internet, it works fine
Yep, because the "domain" will be considered "local" Sorry I misread that as "Intranet".
This will depend on the server you're accessing - you need to make sure the server has CORS enabled.
I've dealt with a similar issue to you before.
You've done the right thing by using rack-cors:
#config/application.rb
config.middleware.insert_before 0, "Rack::Cors" do
allow do
origins '*' #-> has to be "*" or specific
resource '*', headers: :any, methods: [:get, :post, :options]
end
end
If you're using this (remember, you have to restart your server to get it working), it should work.
The main considerations for CORS are the origin and resource - they either have to be "*" (all), or explicitly defined (IE google.com or something).
In your case, allowing them "all" should be okay to test - you'll then need to ensure you have the specific domain defined.

Ruby on Rails - AJAX request not working (cross-origin), tried everything

(sorry for bad english)
I try to execute an ajax request but it doesn't work due to same-origin policy. My application is not deployed yet and I use Ruby on Rails 3.2.3 with Unicorn server.
The AJAX request is in an asset javascript file and I call it in a view. when I try to get the datas from the AJAX requests, the console says
"Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at [url]. This can be fixed by moving the resource to the same domain or enabling CORS."
I tried everything :
Use jsonp in ajax request : console.log said syntax error
Use rack cors, with making everything said on the readme (https://github.com/cyu/rack-cors), but it didn't work, still the same message in the console (restatring server or not)
Try some syntaxes for rack-cors said on every post about it in stack overflow I could find, I tried this :
application.rb :
config.middleware.insert_before ActionDispatch::Static, Rack::Cors do
allow do
origins '*'
resource '*', :headers => :any, :methods => [:get, :post, :options], expose: :location
end
but it didn't work, and I tried this in config.ru
use Rack::Cors do
# allow all origins in development
allow do
origins 'localhost:3000'
resource '*',
:headers => :any,
:methods => [:get, :post, :delete, :put, :options]
end
end
I tried this code with "origins 'localhost:3000'" ans with "origins '*'" but none of them worked, I didn't forgot the "require 'rack/cors'"
I am desperte, could you help me please ?
It is almost undoubtedly that you aren't defining the proper headers to allow access. The following walk-through should get you going:
http://dotnet-concept.com/Tip/2015/3/5798824/Cross-Origin-Request-Blocked-The-Same-Origin-Policy-disallows-reading-the-remote-resource-This-can-be-fixed-by-moving-the-resource-to-the-same-domain-or-enabling-CORS-
We had a similar situation that was resolved using rack-cors
Gemefile:
gem 'rack-cors', :require => 'rack/cors'
application.rb:
config.middleware.insert_before 0, "Rack::Cors" do
allow do
origins '*'
resource '*', :headers => :any, :methods => [:get, :post, :options]
end
end
Don't forget to restart your rails server!
EDIT:
It just occurred to me, that this will only work in production if you are using your app server as the web server as well. If you are using Nginx or Apache as your web server, then your static assets will be served from it. You will have to enable CORS on Nginx/Apache.

Strophe-Ejabberd-Rails: Access-Control-Allow-Origin Error

I am getting the CORS error while trying to connect xmpp server, ejabberd running on port 5280 using Strophe on Rails app.
XMLHttpRequest cannot load http://localhost:5280/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access.
I tried the following ways to resolve the issue.
=> enabled cors for all domains in application.rb
config.middleware.use Rack::Cors do
allow do
origins '*'
resource '*', :headers => :any, :methods => [:get, :post, :options]
end
end
=> Added strophe.flxhr.min.js but it gave another error flensed is not
defined, which I wasn't able to resolve.
How to resolve this error.
Changing http://localhost:5280/ to http://localhost:5280/http-bind resolves the issue.

Resources