I have two separate apps, an ember app and a rails app on the same server. Right now, I'm testing locally.
My Ember requests are not going out to the rails (localhost:3000). I cannot seem to figure out if that's happening because it thinks that it is a cross-domain request. Will it be considered a cross-domain request, even though they're on the same server? If so, is there anyway to avoid this cross-domain request since they are on the same server without promising security? Or do I need to stick to JSONP?
I have two separate apps, an ember app and a rails app on the same server. Right now, I'm testing locally.
My Ember requests are not going out to the rails (localhost:3000). I cannot seem to figure out if that's happening because it thinks that it is a cross-domain request. Will it be considered a cross-domain request, even though they're on the same server? If so, is there anyway to avoid this cross-domain request since they are on the same server without promising security? Or do I need to stick to JSONP?
Share Improve this question asked Jun 25, 2013 at 22:21 darkskydarksky 21.1k64 gold badges171 silver badges257 bronze badges3 Answers
Reset to default 7Yes, a request to a different port is a cross-domain request. The browser is making a preflight OPTIONS request (CORS) and not getting an answer. It is then dropping the original request. You need to have the server respond with the proper CORS headers to this OPTIONS request. The browser will then make the orignal request.
Here is more information on CORS.
Here is the code from my application controller:
class V1::ApplicationController < ApplicationController
after_filter :cors_set_access_control_headers, :log_user
# respond to options requests with blank text/plain as per spec
def cors_preflight_check
logger.info ">>> responding to CORS request"
render :text => '', :content_type => 'text/plain'
end
# For all responses in this controller, return the CORS access control headers.
def cors_set_access_control_headers
headers['Access-Control-Allow-Origin'] = '*'
headers['Access-Control-Allow-Headers'] = 'X-AUTH-TOKEN, X-API-VERSION, X-Requested-With, Content-Type, Accept, Origin'
headers['Access-Control-Allow-Methods'] = 'POST, GET, PUT, DELETE, OPTIONS'
headers['Access-Control-Max-Age'] = "1728000"
end
And from routes.rb:
match '/*path' => 'application#cors_preflight_check', :via => :options
There is also a rack plugin that can handle this: rack-cors
You dont say what platform you're running on, but the best solution for this kind of thing Ive found is tape
https://github./metajack/tape
This will allow you to set up a little reverse proxy - and map a url to your rails app, whilst serving your JS.
Different ports, are considered different domains by the security sandbox, thus you will need a reverse proxy in place, if you are serving your ember, and rails separately.
I guess you have a couple of options depending if your app's are running in development or production mode, this are:
Development mode only
- If you are using
chrome
orchromium
as your develpment browser you could start it with the flag--args --disable-web-security
Development and production mode
- Use
jsonp
as you already mentioned - Add to your server configuration Cross-Origin Request headers
Access-Control-Allow-Origin: *
since you are using rails have a look here. - Serve your app's under the same domain & port variing only on the path
http://myhost./app1
,http://myhost./app2
etc.
Hope it helps.