I have Rails applications where I am loading comments using Ajax after page load.

```ruby
class CommentsController < ApplicationController
  respond_to :js

  def index
    @comments = Comments.all
    respond_with @comments
  end
end
```

It is working as expected. But bingbot is trying to access this URL, which leads to

An ActionController::InvalidCrossOriginRequest occurred in comments#index: Security warning: an embedded tag on another site requested protected JavaScript. If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript embedding.

Likewise, it is coming for all URLs which only respond to the js format.

I know about rack-cors, but it is for allowing cross-site script access, and that is not the case here.

app/views/comments/index.js.erb

```js
$('.comments_container').html("<%=j render 'comments' %>");
```

comments.js

```js
jQuery(function() {
  // Fetch the comments as a script response from the URL stored on the container.
  return $.ajax({
    url: $('.comments_container').data('url'),
    dataType: "script"
  });
});
```

Rahul Chaudhari

1 Answer

Assuming you need some help with CORS (cross-origin resource sharing), you are getting the error because your CORS policy defaults to "denying" every direct XHR access.

You can use the rack-cors gem https://github.com/cyu/rack-cors to avoid this. Hope this helps!

  • You shouldn't need to change your policy to allow access to bots. You should add the attribute "rel='nofollow'" to remote links so that bots don't follow them. Unfortunately, this will not work with bots that disregard this convention. But the famous bots (bingbot, googlebots) will not request your js links. – Nikhil Gupte Jan 12 '15 at 12:54
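
For context on the error in the question, the following is an added example, not code from the thread or from Rails itself: a plain-Ruby model of the after-action check in Rails' request forgery protection that raises `InvalidCrossOriginRequest`. The method names, constants and sample requests are hypothetical and constructed for illustration; the model assumes the check applies to GET requests whose response is JavaScript and that an XHR is recognised by its `X-Requested-With` header.

```ruby
# Simplified model of the after-action check (assumption: mirrors Rails'
# request forgery protection; names below are hypothetical, not Rails API).
JS_CONTENT_TYPE = %r{\A(?:text|application)/javascript}

# A request counts as XHR when X-Requested-With contains "XMLHttpRequest".
def xhr?(headers)
  headers.fetch("X-Requested-With", "").match?(/XMLHttpRequest/i)
end

# Returns :raise where the model would raise InvalidCrossOriginRequest.
def cross_origin_js_check(method:, headers:, response_content_type:)
  return :ok unless method == "GET"                          # only GETs are checked
  return :ok unless response_content_type.match?(JS_CONTENT_TYPE)
  xhr?(headers) ? :ok : :raise                               # JS body to a non-XHR GET
end

# Constructed sample requests (not real log data).
SAMPLES = {
  # Same-origin $.ajax call from the page: sent as XHR with the header set.
  page_ajax: {
    method: "GET",
    headers: { "X-Requested-With" => "XMLHttpRequest" },
    response_content_type: "text/javascript; charset=utf-8"
  },
  # Crawler following the same URL: plain GET, no X-Requested-With.
  crawler: {
    method: "GET",
    headers: { "User-Agent" => "bingbot (constructed sample)" },
    response_content_type: "text/javascript; charset=utf-8"
  },
  # Ordinary HTML page fetched by the same crawler: not a JS response.
  html_page: {
    method: "GET",
    headers: { "User-Agent" => "bingbot (constructed sample)" },
    response_content_type: "text/html; charset=utf-8"
  }
}.freeze

def classify_samples
  SAMPLES.transform_values { |req| cross_origin_js_check(**req) }
end

puts classify_samples.inspect if __FILE__ == $PROGRAM_NAME
```

In this model only the crawler's non-XHR GET to the js-only action is flagged; the page's own Ajax request and the HTML page are not.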