There is a rails app that servers an ember.js application via
rails-ember
and another site that has the data. Once the ember app is running it
gets
ember-data from a data server. In a couple of cases it can also do puts
to
the data server via ember data model.save() calls …
The ember app on a put does an http options method. For some reason the
options method does not have the api_key that the other methods
typically
have.
Here are changes I made to the rails data server:
============
application.rb in config:
here I tried to add a specific rule for put, but it did not seem to
work ?
so my rule is very general allowing any put for now
…
…
config.middleware.use Rack::Cors do
allow do
allowed_origins = (ENV['CORS_ORIGINS'] || '').split(',')
origins(*allowed_origins)
resource '*', headers: :any, methods: [:get, :options, :put]
# !!! seperate rule not working ?
# resource '*/comments/*', headers: :any, methods: [:get,
:options,
:put]
end
end
##########################
in my app controller I do not check for logged in user for an options
method as I am not sure why it does not get an api_key
class ApplicationController < ActionController::Base
protect_from_forgery
before_filter :authenticate!
def authenticate!
unless request.method.eql?('OPTIONS')
unless current_user
render json: { error: 'Unauthorized access' }, status: 401
end
end
end
#########################
one of my other controllers that gets a pre flight options
method from ember, I did the following:
skip_before_filter :verify_authenticity_token, :only => [:options]
#########################
If anyone has any comments on how this may work as a solution, how to
improve it etc … that would be appreciated … thanks