Cross-Origin Resource Sharing with Rails
Piotr Misiurek @ WRUG 19.06.2012
www.piotrmisiurek.pl
www.salelo.com
CORS is the answer to the
restrictions of the Same Origin Policy:
restricted access to resources that come from other domains/hosts
But sometimes we would like to make full use of them:
- a JSON API consumed via AJAX
How to get around the Same Origin Policy:
the new HTTP method OPTIONS
RAILS
# config/routes.rb: send every OPTIONS (preflight) request to one action
match "*path" => "cross_domains#options_request", constraints: {method: 'OPTIONS'}

# Answers the browser's preflight request with the CORS policy and an empty body
class Api::CrossDomainsController < Api::ApplicationController
  def options_request
    headers['Access-Control-Allow-Origin'] = '*'
    headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'
    headers['Access-Control-Allow-Headers'] = 'X-CSRF-Token'
    headers['Access-Control-Max-Age'] = '1728000'
    render text: ''
  end
end

# Base controller of the API: adds the CORS headers to every response
module Api
  class ApplicationController < ActionController::Base
    respond_to :json
    before_filter :set_headers

    def set_headers
      headers['Access-Control-Allow-Origin'] = '*'
      headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'
      headers['Access-Control-Max-Age'] = "1728000"
    end
  end
end
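The controllers above answer every origin with `Access-Control-Allow-Origin: *`, so a script on any site can read the API's responses. The sketch below is an added example, not code from the slides: it computes the same headers but echoes the origin only when it is on an allowlist. The `example.com` origins and the function names are assumptions.

```ruby
require 'set'

# Hypothetical allowlist: the front-end origins permitted to call the API.
ALLOWED_ORIGINS = Set['https://app.example.com', 'https://admin.example.com'].freeze
ALLOWED_METHODS = %w[POST GET OPTIONS].freeze  # same methods as the slide
ALLOWED_HEADERS = %w[x-csrf-token].freeze      # compared case-insensitively
MAX_AGE         = '1728000'                    # same value as the slide

# Browsers serialise Origin as lowercase scheme://host[:port], so an exact
# string match is enough; no prefix, suffix or regex matching.
def origin_allowed?(origin)
  origin.is_a?(String) && ALLOWED_ORIGINS.include?(origin)
end

# Headers for an actual (non-preflight) API response.
def cors_headers(origin)
  headers = { 'Vary' => 'Origin' } # caches must key the response on Origin
  headers['Access-Control-Allow-Origin'] = origin if origin_allowed?(origin)
  headers
end

# Headers for an OPTIONS preflight. req_method and req_headers are the values
# of Access-Control-Request-Method and Access-Control-Request-Headers.
def preflight_headers(origin, req_method, req_headers = '')
  headers = cors_headers(origin)
  return headers unless headers.key?('Access-Control-Allow-Origin')

  wanted = req_headers.to_s.split(',').map { |h| h.strip.downcase }.reject(&:empty?)
  unless ALLOWED_METHODS.include?(req_method) && (wanted - ALLOWED_HEADERS).empty?
    return { 'Vary' => 'Origin' } # no Allow-* headers: the browser blocks the call
  end

  headers.merge(
    'Access-Control-Allow-Methods' => ALLOWED_METHODS.join(', '),
    'Access-Control-Allow-Headers' => 'X-CSRF-Token',
    'Access-Control-Max-Age'       => MAX_AGE
  )
end
```

In the Rails code above, `set_headers` would merge `cors_headers(request.headers['Origin'])` into `headers`, and `options_request` would do the same with `preflight_headers`.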