Ember App Requests to Rails App — Cross Domain?

Question

I have two separate apps, an ember app and a rails app on the same server. Right now, I'm testing locally.

My Ember requests are not going out to the rails (localhost:3000). I cannot seem to figure out if that's happening because it thinks that it is a cross-domain request. Will it be considered a cross-domain request, even though they're on the same server? If so, is there anyway to avoid this cross-domain request since they are on the same server without compromising security? Or do I need to stick to JSONP?

Answer 1

Yes, a request to a different port is a cross-domain request. The browser is making a preflight OPTIONS request (CORS) and not getting an answer. It is then dropping the original request. You need to have the server respond with the proper CORS headers to this OPTIONS request. The browser will then make the orignal request.

Here is more information on CORS .

Here is the code from my application controller:

class V1::ApplicationController < ApplicationController
after_filter :cors_set_access_control_headers, :log_user

# respond to options requests with blank text/plain as per spec
def cors_preflight_check
  logger.info ">>> responding to CORS request"
  render :text => '', :content_type => 'text/plain'
end

# For all responses in this controller, return the CORS access control headers. 
def cors_set_access_control_headers
  headers['Access-Control-Allow-Origin'] = '*'
  headers['Access-Control-Allow-Headers'] = 'X-AUTH-TOKEN, X-API-VERSION, X-Requested-With, Content-Type, Accept, Origin'
  headers['Access-Control-Allow-Methods'] = 'POST, GET, PUT, DELETE, OPTIONS'
  headers['Access-Control-Max-Age'] = "1728000"
end

And from routes.rb:

match '/*path' => 'application#cors_preflight_check', :via => :options

There is also a rack plugin that can handle this: rack-cors

Answer 2

You dont say what platform you're running on, but the best solution for this kind of thing Ive found is tape

https://github.com/metajack/tape

This will allow you to set up a little reverse proxy - and map a url to your rails app, whilst serving your JS.

Different ports, are considered different domains by the security sandbox, thus you will need a reverse proxy in place, if you are serving your ember, and rails separately.

Answer 3

I guess you have a couple of options depending if your app's are running in development or production mode, this are:

Development mode only

• If you are using chrome or chromium as your develpment browser you could start it with the flag --args --disable-web-security

Development and production mode

• Use jsonp as you already mentioned
• Add to your server configuration Cross-Origin Request headers Access-Control-Allow-Origin: * since you are using rails have a look here .
• Serve your app's under the same domain & port variing only on the path http://myhost.com/app1 , http://myhost.com/app2 etc.

Hope it helps.