1

I am upgrading Rails application from Rails 4.1.1 to Rails 5.1.4. I have 2 applications, One is Web app(using for angular), and other is API app.

What I am doing, I am sending request from Web app(Rails with Angular) and fetching data from API app. But when I send request from Web app got error mentioned below:

Failed to load http://api.myapp:3001/user: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin 'http://myapp:3000' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

http://myapp:3000' -> Web application and request sending to API

http://api.myapp:3001/user -> API application to send response

After google the issue, I found one gem called rack-cors. In Web and API both application, I have added 

config.middleware.insert_before 0, Rack::Cors do
  allow do
    origins '*'
    resource '*', :headers => :any, :methods => [:get, :post, :options]
  end
end

But still getting the issue. Please let me know.

RoR developer
  • 61
  • 1
  • 7

1 Answers1

0

Well, the message:

The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include']

Seems that you are sending credential information from your Angular application and the domain is not whitelisted. You could try, for test, set withCredentials to false, or permit the domain.

This could help you: http://50linesofco.de/post/2017-03-06-cors-a-guided-tour

Alfredo Del Fabro Neto
  • 67
  • 1
  • 9