love movie

vincent.github said about 3 years ago on Cross-Origin Resource Sharing (CORS) :

hi i was looking for a smart solution to deal with cors. And to be honest I haven't found within the video and code the mission that I m targeting.
here the deal for me. I want to let access to some ajax or fetch, based on the environment, and also only allow requests from the same environment.
I agree it's not easy to explain within few sentences, but here the thing: how only allow requests from www.example.com to www.example.com/api/....

so here my code but seems to not do the job yet probably need some more from you. Waiting your dedicated answer :-)

# within config/initializers/cors.rb
# ENV["CUSTOM_RAILS_ENV"] is kinda solution to execute some instence variables based on staging, production...
# ENV["URL_DOMAIN"] is the url like www.example.com (for production) but it will https://example.herokuapp.com/... for staging environment

case ENV["CUSTOM_RAILS_ENV"].to_sym

when :staging || :landing_page || :production
  puts ""
  print(":staging || :landing_page || :production CORS")
  puts ""
  Rails.application.config.middleware.insert_before 0, Rack::Cors do
    allow do
      origins "*"
      resource "*",
               headers: :any,
               methods: :get,
               if: proc { |env| env["HTTP_HOST"] == ENV["URL_DOMAIN"] }
               # 💎 for instance here i am expecting that URL_DOMAIN is www.example.com
               #  only  requests from www.example.com are alowed to www.example.com/api/...
    end
  end
when :local
  puts ""
  print("Local CORS")
  puts ""
  Rails.application.config.middleware.insert_before 0, Rack::Cors do
    allow do
      # origins '3f3439f8d20e.ngrok.io'
      origins "localhost:3000"

      resource "*",
               headers: :any,
               methods: %I[get post put patch delete options head]
    end
  end
else
  print("There is an error inside cors setup")
end

0 0 0

Learning Paths

Video Logs new

Blog

Merchandise

Forums new