CODEWITHSUNDEEP
ruby-on-railsnode.jsreactjsruby-on-rails-4cors
anonn023432
anonn023432

Reputation: 3120

All requests blocked by CORS policy on development

I have a Rails API with a React client side. I have had everything in the app setup for a long time now and today while I was working on it I suddenly started getting the error:

Access to XMLHttpRequest at 'http://localhost:3000/api/v1/user/authed'
from origin 'http://localhost:8000' has been blocked by CORS policy: 
The value of the 'Access-Control-Allow-Origin' header in the response 
must not be the wildcard '*' when the request's credentials mode is 
'include'. The credentials mode of requests initiated by the 
XMLHttpRequest is controlled by the withCredentials attribute.

Now none of the requests in my application work at all.

The request does go through from the React app to the Rails API and the Rails API responds properly as well (I can see this in the terminal) but nothing actually happens on the Client side because I am assuming it gets blocked for the CORS reason.

Is there something I can do to fix this? Could it be that some package is somehow updated on my system and different from the project so now it breaks?

URL to make request to:

const ENDPOINT = '/api/v1',
      PORT = 3000,
      URL = window.location.protocol + '//' + window.location.hostname + ':' + PORT + ENDPOINT;

The request

$.ajax({
  url: URL + '/' + resource,
  type: verb,
  data: params,
  xhrFields: { withCredentials: true }
})
  .done(callback)
  .fail(errcallback);

Request functions have the format:

static get(resource, params, callback, errcallback) {
  API.send('GET', resource, params, callback, errcallback);
}

Upvotes: 2

Views: 1669

Answers (1)

wdm
wdm

Reputation: 7189

If your API doesn't require credentials you should remove withCredentials: true.

More about withCredentials:

The XMLHttpRequest.withCredentials property is a Boolean that indicates whether or not cross-site Access-Control requests should be made using credentials such as cookies, authorization headers or TLS client certificates. Setting withCredentials has no effect on same-site requests.

https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/withCredentials

Upvotes: 2

Related Questions