d00medman

Reputation: 189

No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access

I am trying to use omniauth to direct my client to an external service's authorization page. My client uses ember.js and my server is a rails server. As things stand, I am able to make the call with little problem on my server side, but my client will not redirect, throwing me an error reading

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. The response had HTTP status code 404.

Doing some research has shown that I need to use CORS, which I have installed and configured. Now I just need to know where and how I apply the access-control-allow-origin header to my code. Can anyone help me with this problem?

my route:

get 'auth/:provider/callback' => 'sessions#create'

my sessions controller:

class SessionsController < ApplicationController
  def create
    @request.env
    auth = request.env['omniauth.auth']
    Account.recieve_donation(auth)
  end
end

Upvotes: 2

Views: 3871

Answers (2)

Nyein

Reputation: 286

I found a Ruby gem, Rack CORS Middleware, to solve the 'Access-Control-Allow-Origin' header problem.

If you don't want to use a Ruby gem, add the following code to your controller (application_controller, other_name_controller):

before_action :allow_cross_domain_access
after_action :cors_set_access_control_headers

# Runs before every action: sets the CORS response headers.
def allow_cross_domain_access
  headers['Access-Control-Allow-Origin'] = '*' # http://localhost:9000
  headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, DELETE, OPTIONS'
  headers['Access-Control-Allow-Headers'] = %w{Origin Accept Content-Type X-Requested-With X-CSRF-Token}.join(',')
  headers['Access-Control-Max-Age'] = '1728000'
end

# Runs after every action: sets the same headers again, with a shorter method list.
def cors_set_access_control_headers
  headers['Access-Control-Allow-Origin'] = '*'
  headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'
  headers['Access-Control-Allow-Headers'] = %w{Origin Accept Content-Type X-Requested-With X-CSRF-Token}.join(',')
  headers['Access-Control-Max-Age'] = "1728000"
end

Upvotes: 0

Mahtab Alam

Reputation: 1870

Here is what you will have to do. If you are making a GET request, your client request has to send the Origin header and then your server has to send the Access-Control-Allow-Origin header in the response. The values of both of these headers have to be the same to allow cross-origin resource sharing.

Upvotes: 0
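
As an added example (not code from either answer or from the Rack CORS gem): a plain-Ruby Rack middleware that sets the headers the answers above describe, but echoes the request's Origin only when it is on an allow-list instead of sending '*', and answers the preflight OPTIONS request itself. AllowListCors, APP and preflight are hypothetical names; the allowed origin is the http://localhost:9000 from the comment in the first answer.

```ruby
# Added example, plain Ruby (no gems). AllowListCors is a hypothetical name.
class AllowListCors
  PREFLIGHT_HEADERS = {
    'Access-Control-Allow-Methods' => 'GET, POST, PUT, DELETE, OPTIONS',
    'Access-Control-Allow-Headers' => 'Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token',
    'Access-Control-Max-Age' => '1728000'
  }.freeze

  def initialize(app, allowed_origins)
    @app = app
    @allowed_origins = allowed_origins
  end

  def call(env)
    origin = env['HTTP_ORIGIN']
    # Exact string match; an unlisted origin (including the literal 'null') gets no CORS headers.
    allowed = !origin.nil? && @allowed_origins.include?(origin)

    # Preflight is answered here, before routing, so it needs no OPTIONS route.
    if env['REQUEST_METHOD'] == 'OPTIONS' && env['HTTP_ACCESS_CONTROL_REQUEST_METHOD']
      return [403, { 'Content-Type' => 'text/plain' }, ['origin not allowed']] unless allowed
      return [204, cors_headers(origin).merge(PREFLIGHT_HEADERS), []]
    end

    status, headers, body = @app.call(env)
    headers = headers.merge('Vary' => 'Origin') # response differs per Origin, so caches must key on it
    headers = headers.merge(cors_headers(origin)) if allowed
    [status, headers, body]
  end

  private

  def cors_headers(origin)
    { 'Access-Control-Allow-Origin' => origin, 'Vary' => 'Origin' }
  end
end

# Constructed sample: a stand-in downstream app and a single allowed origin.
APP = AllowListCors.new(
  ->(_env) { [200, { 'Content-Type' => 'text/plain' }, ['ok']] },
  ['http://localhost:9000']
)

# Builds the minimal Rack env of a browser preflight and returns [status, headers, body].
def preflight(origin)
  APP.call('REQUEST_METHOD' => 'OPTIONS', 'HTTP_ORIGIN' => origin,
           'HTTP_ACCESS_CONTROL_REQUEST_METHOD' => 'GET')
end
```

In a Rails app a middleware like this would be registered with `config.middleware.insert_before 0, AllowListCors, [...]` so that it runs ahead of the router.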
