Requests to ring-cors enabled site fails

Question

I have two ring sites: mysite.com and api.mysite.com. api.mysite.com has the ring-cors middleware enabled:

(def app
  (-> (make-handler v1-routes)
      (wrap-defaults api-defaults)
      (wrap-cors :access-control-allow-origin  [#".*"]
                 :access-control-allow-headers ["Content-Type"]
                 :access-control-allow-methods [:get :put :post :delete :options])))

When I do a GET or POST request, the preflight succeeds but the GET or POST fails with:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://api.site.com/v1/site. (Reason: CORS header 'Access-Control-Allow-Origin' missing).

I can see in the debugger that Access-Control-Allow-Origin is included in the OPTIONS response but not in the subsequent GET or POST response.

Any idea what's up? My app is a bit complex and also has bidi, liberator, and some hosts file and nginx stuff going on. I think those can be put aside for now and the issue traced to some problem with the middleware or middleware configuration.

score 0 · Answer 1 · edited May 23 '17 at 12:00

0

I am not sure that you can use wildcard on sub-domains. See this SO answer for more details. Looks like the spec requires either a domain name or a wildcard, but not both.

You might try adding your domain to see if this fixes the problem, and then go from there.

wrap-cors :access-control-allow-origin  [#"http://sitename.com"]

edited May 23 '17 at 12:00

Community

1
1

answered Sep 30 '16 at 14:07

nrako

2,952
17
30

It looks like `ring-cors` matches against given regex and associates the origin to the `access-control-allow-origin` header when matched. So nope, this doesn't appear to be the answer. – deadghost Oct 12 '16 at 18:37

Requests to ring-cors enabled site fails

1 Answers1