Skip to main content

Enabling Cross Origin Resource (CORS) Sharing In Rails

How can my application share it's resources with another client? This is where the CORS, or Cross Origin Resource protocol comes in. CORS introduces a standard mechanism that can be used by all browsers for implementing cross-domain requests. The spec defines a set of headers that allow the browser and server to communicate about which requests are (and are not) allowed. CORS continues the spirit of the open web by bringing API access to all.

What is a cross-site request?

Cross-site HTTP requests are HTTP requests for resources from a different domain than the domain of the resource making the request. Such requests are subject to security-based restrictions. To handle this restrictions, and get around them in a secure manner, W3C developed CORS.

What is CORS?

The Cross-Origin Resource Sharing (CORS) mechanism provides a way for a server to support cross-site requests and enable the secure transfer of data across different domains/sites.

How can our Rails API utilize CORS?

When the API is not configured to respond to requests you will likely get the error “No ‘Access-Control-Allow-Origin’ header is present on the requested resource”. In other words, you won’t be able to call the API directly. So if you have your frontend and backend on different domains you’ll need to allow CORS (cross-origin HTTP request) with the rack-cors gem. This gem provides Rack CORS Middleware to our Rails app, allowing it to support cross-origin resource sharing.

Setting up Rack-CORS:

A few easy steps and we'll be ready to go!
    1. Add the following to your Gemfile and bundle install: 
      gem 'rack-cors', :require=>'rack/cors’
    2. Then run bundle install
    3. Add your API module to config/application.rb and configure your Rack-CORS Middleware: 
      classApplication <Rails::Application

    # Rails 5

    config.middleware.insert_before 0, Rack::Corsdo

      allow do

        origins '*'

        resource '*', :headers=>:any, :methods=>[:get, :post, :options]

      end

    end



    # Rails 3/4

    config.middleware.insert_before 0, "Rack::Cors"do

      allow do

        origins '*'

        resource '*', :headers=>:any, :methods=>[:get, :post, :options]

      end

    end

end
    4. With origins "*", we specify that our API will accept HTTP requests from any domain in the whole wide internet.
    5. With resource "*", we specify that a cross-origin request can access any of our resources.
    We then specify that a cross-origin request using any HTTP method will be accepted–although, if you recall, we defined our Graduates class inside our API module to respond to only requests for all grads or just one grad.
     
Labels:
Location: Nagpur, Maharashtra, India

Comments

Post a Comment

Popular posts from this blog

GraphQL With Ruby

Now a day’s most of the web or mobile applications fetch data from server which is stored in a database. REST API provides an interface to stored data that require by the applications. GraphQL is a query language for REST API's not for server databases. It is database agnostic and effectively can be used in any context where an API is used. GraphQL provide platform for declarative data fetching where client need to specify what data needs from API in response. Instead of multiple endpoints that return fixed data structures, a GraphQL server only exposes a single endpoint and responds with precisely the data a client asked for. GraphQL minimizes the amount of data that needs to be transferred over the network and improves applications operating under these conditions. Introduction to GraphQL API on Ruby on Rails Start with adding gem in Gemfile gem ‘graphql’ Run command bundle install Run command rails generate graphql:install Above command will add gr...
3 comments
Read more

Best In Place Gem In Ruby On Rails Tutorial

The best_in_place gem is the easiest solution for in place editing in Ruby on Rails. This gem provides functionality of “in place editing” in ruby on rails without writing any extra ajax code. It supports text inputs, textarea, select dropdown, checkboxes, jQuery UI Datepickers, etc. Also Displays server-side validation Installation Steps of “best_in_place” Gem : Installing best_in_place is very easy and straight-forward. Just begin including the gem in your Gemfile: gem ‘best_in_place’ After that, specify the use of the jquery and best in place javascripts in your application.js, and optionally specify jquery-ui if you want to use jQuery UI datepickers: //= require jquery //= require best_in_place //= require jquery-ui //= require best_in_place.jquery-ui Then, just add a binding to prepare all best in place fields when the document is ready: $(document).ready(function() { /* Activating Best In Place */ jQuery(".best_in_place").best_in_place(); });...
1 comment
Read more

Data scraping in Ruby on Rails using Nokogiri and Mechanize Gem

What is Data scraping? Website/Data  Scraping  is a technique to operating large amounts of  data  from websites whereby the  data  is extracted and displayed in own sites or it can be stored to a File/Database. Data scraping is basically used where the websites does not provides API. Some Applications do not provide API to collect records. For the same , Data Scraping technique is used. The data can be scraped using Nokogiri Gem. The steps are required: Add the gem “gem ‘nokogiri’, ‘~> 1.8’, ‘>= 1.8.1'” . Then run the bundle install Add the “require ‘nokogiri'” , “require ‘open-uri'” line where you will write the code for the scraping. The controller of the page will look like below: The view of the code of view page will look like : The result in our application will look like: Mechanize Gem in rails The Mechanize library is used for automating interaction with websites. Mechanize automatically stor...
1 comment
Read more