I am upgrading Rails application from Rails 4.1.1 to Rails 5.1.4.
I have 2 applications, One is Web app(using for angular), and other is API app.
What I am doing, I am sending request from Web app(Rails with Angular) and fetching data from API app. But when I send request from Web app got error mentioned below:
Failed to load http://api.myapp:3001/user: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin 'http://myapp:3000' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
http://myapp:3000' -> Web application and request sending to API
http://api.myapp:3001/user -> API application to send response
After google the issue, I found one gem called rack-cors.
In Web and API both application, I have added
config.middleware.insert_before 0, Rack::Cors do
allow do
origins '*'
resource '*', :headers => :any, :methods => [:get, :post, :options]
end
end
But still getting the issue. Please let me know.
Well, the message:
Seems that you are sending credential information from your Angular application and the domain is not whitelisted. You could try, for test, set withCredentials to false, or permit the domain.
This could help you: http://50linesofco.de/post/2017-03-06-cors-a-guided-tour