Login modal using default rails ajax request not working with subdomains


Akhil Sharma

Oct 16, 2015, 3:37:03 AM10/16/15
to rubyonra...@googlegroups.com
I have a Devise user model.

To log in I am using a twitter-bootstrap modal. The modal is hidden by
default and shown only after a default Rails AJAX request is sent to the
server.

It works fine on localhost and in production. But when a user is on a
subdomain (using acts_as_tenant) like business.lvh.me:3000, the modal
window does not pop up and the AJAX request fails.

I am sharing the session across all the domains.

My SessionStore initializer:

> Rails.application.config.session_store :active_record_store,
>   key: '_my_app_session', domain: 'lvh.me'

Please find below the error log for the same.

Rendered remote_content/_remote_sign_up.html.erb (78.8ms)
Rendered remote_content/remote_sign_up.js.erb (86.2ms)
Security warning: an embedded <script> tag on another site requested
protected JavaScript. If you know what you're doing, go ahead and
disable forgery protection on this action to permit cross-origin
JavaScript embedding.
Completed 422 Unprocessable Entity in 100ms (Views: 96.1ms |
ActiveRecord: 1.6ms)

ActionController::InvalidCrossOriginRequest - Security warning: an
embedded <script> tag on another site requested protected JavaScript. If
you know what you're doing, go ahead and disable forgery protection on
this action to permit cross-origin JavaScript embedding.:
actionpack (4.2.4)
lib/action_controller/metal/request_forgery_protection.rb:225:in
`verify_same_origin_request'
activesupport (4.2.4) lib/active_support/callbacks.rb:432:in `block in
make_lambda'
activesupport (4.2.4) lib/active_support/callbacks.rb:239:in `block in
halting'
activesupport (4.2.4) lib/active_support/callbacks.rb:506:in `block in
call'
activesupport (4.2.4) lib/active_support/callbacks.rb:506:in `call'
activesupport (4.2.4) lib/active_support/callbacks.rb:92:in
`__run_callbacks__'
activesupport (4.2.4) lib/active_support/callbacks.rb:778:in
`_run_process_action_callbacks'
activesupport (4.2.4) lib/active_support/callbacks.rb:81:in
`run_callbacks'
actionpack (4.2.4) lib/abstract_controller/callbacks.rb:19:in
`process_action'
actionpack (4.2.4) lib/action_controller/metal/rescue.rb:29:in
`process_action'
actionpack (4.2.4)
lib/action_controller/metal/instrumentation.rb:32:in `block in
process_action'
activesupport (4.2.4) lib/active_support/notifications.rb:164:in
`block in instrument'
activesupport (4.2.4)
lib/active_support/notifications/instrumenter.rb:20:in `instrument'
activesupport (4.2.4) lib/active_support/notifications.rb:164:in
`instrument'
actionpack (4.2.4)
lib/action_controller/metal/instrumentation.rb:30:in `process_action'
actionpack (4.2.4)
lib/action_controller/metal/params_wrapper.rb:250:in `process_action'
activerecord (4.2.4)
lib/active_record/railties/controller_runtime.rb:18:in `process_action'
actionpack (4.2.4) lib/abstract_controller/base.rb:137:in `process'
actionview (4.2.4) lib/action_view/rendering.rb:30:in `process'
actionpack (4.2.4) lib/action_controller/metal.rb:196:in `dispatch'
actionpack (4.2.4)
lib/action_controller/metal/rack_delegation.rb:13:in `dispatch'
actionpack (4.2.4) lib/action_controller/metal.rb:237:in `block in
action'
actionpack (4.2.4) lib/action_dispatch/routing/route_set.rb:76:in
`dispatch'
actionpack (4.2.4) lib/action_dispatch/routing/route_set.rb:45:in
`serve'
actionpack (4.2.4) lib/action_dispatch/journey/router.rb:43:in `block
in serve'
actionpack (4.2.4) lib/action_dispatch/journey/router.rb:30:in `serve'
actionpack (4.2.4) lib/action_dispatch/routing/route_set.rb:821:in
`call'
warden (1.2.3) lib/warden/manager.rb:35:in `block in call'
warden (1.2.3) lib/warden/manager.rb:34:in `call'
rack (1.6.4) lib/rack/etag.rb:24:in `call'
rack (1.6.4) lib/rack/conditionalget.rb:25:in `call'
rack (1.6.4) lib/rack/head.rb:13:in `call'
actionpack (4.2.4)
lib/action_dispatch/middleware/params_parser.rb:27:in `call'
actionpack (4.2.4) lib/action_dispatch/middleware/flash.rb:260:in
`call'
rack (1.6.4) lib/rack/session/abstract/id.rb:225:in `context'
rack (1.6.4) lib/rack/session/abstract/id.rb:220:in `call'
actionpack (4.2.4) lib/action_dispatch/middleware/cookies.rb:560:in
`call'
activerecord (4.2.4) lib/active_record/query_cache.rb:36:in `call'
activerecord (4.2.4)
lib/active_record/connection_adapters/abstract/connection_pool.rb:653:in
`call'
activerecord (4.2.4) lib/active_record/migration.rb:377:in `call'
actionpack (4.2.4) lib/action_dispatch/middleware/callbacks.rb:29:in
`block in call'
activesupport (4.2.4) lib/active_support/callbacks.rb:88:in
`__run_callbacks__'
activesupport (4.2.4) lib/active_support/callbacks.rb:778:in
`_run_call_callbacks'
activesupport (4.2.4) lib/active_support/callbacks.rb:81:in
`run_callbacks'
actionpack (4.2.4) lib/action_dispatch/middleware/callbacks.rb:27:in
`call'
actionpack (4.2.4) lib/action_dispatch/middleware/reloader.rb:73:in
`call'
actionpack (4.2.4) lib/action_dispatch/middleware/remote_ip.rb:78:in
`call'
better_errors (2.1.1) lib/better_errors/middleware.rb:84:in
`protected_app_call'
better_errors (2.1.1) lib/better_errors/middleware.rb:79:in
`better_errors_call'
better_errors (2.1.1) lib/better_errors/middleware.rb:57:in `call'
actionpack (4.2.4)
lib/action_dispatch/middleware/debug_exceptions.rb:17:in `call'
web-console (2.2.1) lib/web_console/middleware.rb:39:in `call'
actionpack (4.2.4)
lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
railties (4.2.4) lib/rails/rack/logger.rb:38:in `call_app'
railties (4.2.4) lib/rails/rack/logger.rb:20:in `block in call'
activesupport (4.2.4) lib/active_support/tagged_logging.rb:68:in
`block in tagged'
activesupport (4.2.4) lib/active_support/tagged_logging.rb:26:in
`tagged'
activesupport (4.2.4) lib/active_support/tagged_logging.rb:68:in
`tagged'
railties (4.2.4) lib/rails/rack/logger.rb:20:in `call'
request_store (1.2.0) lib/request_store/middleware.rb:8:in `call'
actionpack (4.2.4) lib/action_dispatch/middleware/request_id.rb:21:in
`call'
rack (1.6.4) lib/rack/methodoverride.rb:22:in `call'
rack (1.6.4) lib/rack/runtime.rb:18:in `call'
activesupport (4.2.4)
lib/active_support/cache/strategy/local_cache_middleware.rb:28:in `call'
rack (1.6.4) lib/rack/lock.rb:17:in `call'
actionpack (4.2.4) lib/action_dispatch/middleware/static.rb:116:in
`call'
rack (1.6.4) lib/rack/sendfile.rb:113:in `call'
railties (4.2.4) lib/rails/engine.rb:518:in `call'
railties (4.2.4) lib/rails/application.rb:165:in `call'
rack (1.6.4) lib/rack/content_length.rb:15:in `call'
puma (2.9.2) lib/puma/server.rb:490:in `handle_request'
puma (2.9.2) lib/puma/server.rb:361:in `process_client'
puma (2.9.2) lib/puma/server.rb:254:in `block in run'
puma (2.9.2) lib/puma/thread_pool.rb:92:in `block in spawn_thread'

--
Posted via http://www.ruby-forum.com/.
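An added example, not code from the original post, that reproduces the mechanism behind the 422 in plain Ruby. Rails 4.2's protect_from_forgery installs an after_action, verify_same_origin_request, that refuses a text/javascript response whenever the request was not an XHR (no X-Requested-With: XMLHttpRequest header); without it, any other site could load the session-bound JavaScript with a plain <script src> tag and read what it contains (XSSI). jQuery adds that header only to requests it classifies as same-origin (scheme, host and port all equal to the page's), and for dataType "script" it switches to a <script> tag transport for cross-domain URLs, so a remote link on business.lvh.me:3000 that points at lvh.me:3000 reaches Rails with no XHR marker. The page URLs below are constructed, and the link target path is assumed from the template name in the log; the Rack env hashes are built by hand rather than by a browser.

```ruby
require 'uri'

PAGE_TENANT = 'http://business.lvh.me:3000/'                     # constructed: tenant page
PAGE_APEX   = 'http://lvh.me:3000/'                              # constructed: apex page
SIGN_UP_ABS = 'http://lvh.me:3000/remote_content/remote_sign_up' # assumed link target
SIGN_UP_REL = '/remote_content/remote_sign_up'                   # same path, relative

# jQuery's crossDomain rule: scheme, host and port must all equal the page's.
# On a cross-domain request jQuery omits X-Requested-With, and for
# dataType "script" it switches to a <script> tag transport entirely.
def cross_domain?(page_url, request_url)
  page = URI.parse(page_url)
  req  = URI.parse(request_url)
  return false if req.host.nil?      # relative URL: resolved on the page's origin
  [page.scheme, page.host, page.port] != [req.scheme, req.host, req.port]
end

# Rack env the server sees for each transport (headers constructed here).
def browser_env(page_url, request_url)
  env = { 'REQUEST_METHOD' => 'GET', 'PATH_INFO' => URI.parse(request_url).path }
  if cross_domain?(page_url, request_url)
    env['HTTP_ACCEPT'] = '*/*'                       # <script src=...>: no XHR marker
  else
    env['HTTP_ACCEPT'] = 'text/javascript, application/javascript, */*'
    env['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest'  # added by jQuery on same-origin XHR
  end
  env
end

# Rack::Request#xhr?: X-Requested-With must match XMLHttpRequest (case-insensitive).
def xhr?(env)
  !(env['HTTP_X_REQUESTED_WITH'].to_s =~ /XMLHttpRequest/i).nil?
end

# The predicate behind Rails 4.2's verify_same_origin_request after_action:
# a JavaScript response that was not requested via XHR is refused with 422.
def non_xhr_javascript_response?(env, content_type)
  content_type.start_with?('text/javascript') && !xhr?(env)
end

# Drive both checks with the thread's hosts and return the status Rails would log.
def simulate_remote_sign_up(page_url, link_url)
  env = browser_env(page_url, link_url)
  if non_xhr_javascript_response?(env, 'text/javascript')
    [422, 'ActionController::InvalidCrossOriginRequest']
  else
    [200, 'remote_sign_up.js.erb delivered']
  end
end

if __FILE__ == $0
  [[PAGE_APEX, SIGN_UP_ABS], [PAGE_TENANT, SIGN_UP_ABS], [PAGE_TENANT, SIGN_UP_REL]].each do |page, link|
    puts "#{page} -> #{link}: #{simulate_remote_sign_up(page, link).inspect}"
  end
end
```

The first case is the working localhost/production setup, the second is the tenant page calling the apex host and failing exactly as in the log, and the third is the cheap fix: keep the remote link path-only (or otherwise on the tenant's own host) so the request stays same-origin and the XHR marker survives. Disabling forgery protection on the action, as the warning text invites, also drops the CSRF token check for that action, so it is the wrong lever here.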

Chris Ward

Oct 21, 2015, 1:42:53 AM10/21/15
to rubyonra...@googlegroups.com
Sorry to tell you, but this behavior is by design. You'll have to put it
on the same subdomain as the accessed page or use a workaround like an
API. This is actually a limitation of AJAX.

Matt Jones

Oct 21, 2015, 11:31:16 AM10/21/15
to Ruby on Rails: Talk


On Friday, 16 October 2015 03:37:03 UTC-4, Ruby-Forum.com User wrote:
> [original post quoted in full; see above]


This is a restriction of the browser security model - it's deliberately designed to restrict where AJAX requests etc can originate from to block several classes of attack.

You should look into rack-cors (https://github.com/cyu/rack-cors) to help send the appropriate preflight headers to allow this to work.

--Matt Jones
 

Daniel Loureiro

Oct 23, 2015, 2:51:42 PM10/23/15
to Ruby on Rails: Talk
Your problem is related to CORS.

A little recipe to solve this:

1. Install the rack-cors gem. In your Gemfile:

   # Gemfile
   gem 'rack-cors', :require => 'rack/cors'

2. In the shell:

   bundle install

3. In your application.rb:

   # config/application.rb
   ...
   config.middleware.insert_before 0, "Rack::Cors" do
     allow do
       origins '*' # on production, use the line below instead
       # origins 'localhost:3001', 'myfabulousapp.com'
       resource '*', :headers => :any, :methods => [:get, :post, :delete, :put, :head]
     end
   end


It may also be necessary to send your credentials with the request (on the JS side).

I don't know whether you are using Angular or jQuery to communicate with your API, but I wrote this tutorial about how to integrate Angular with Devise, which may be useful to you (even though you aren't using Angular, some of the tips are on the server side):
http://www.learnwithdaniel.com/2015/10/rails-angular-authentication/

--
Daniel Loureiro 
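An added example, not part of Daniel's recipe and not rack-cors's own code: a pure-Ruby model of what the `origins` line decides, with the recipe's `origins '*'` beside a tenant-scoped allow-list, and the browser-side rule that decides whether a page may read the response. The policy arrays use the shapes rack-cors accepts (exact strings, Regexps, the `'*'` wildcard), but the matcher, the header builder and the browser check are written here for illustration, and all origins are constructed. The point it makes: a Devise sign-in over AJAX needs the session cookie, which means a credentialed request, and CORS forbids `Access-Control-Allow-Origin: *` on credentialed responses, so the wildcard cannot serve this thread's case even in development. The `reflecting_cors_headers` variant shows what goes wrong when a hand-rolled layer "fixes" that by echoing whatever Origin arrives.

```ruby
# Origin allow-lists in the shape rack-cors accepts (strings, Regexps, '*').
# Both are constructed for this example; the Regexp is the hardened replacement
# for the recipe's `origins '*'`: tenant subdomains of lvh.me on port 3000 only.
WILDCARD_POLICY = ['*'].freeze
TENANT_POLICY   = [%r{\Ahttp://([a-z0-9-]+\.)?lvh\.me:3000\z},
                   'https://myfabulousapp.com'].freeze

# Match one Origin header value against a policy (my own matcher, not rack-cors's).
def origin_allowed?(origin, policy)
  policy.any? do |rule|
    case rule
    when '*'    then true
    when Regexp then !!(origin =~ rule)   # anchored Regexp: no suffix/prefix tricks
    else             rule == origin        # exact string match, scheme and port included
    end
  end
end

# Headers an allow-list driven CORS layer adds. A wildcard policy answers with the
# literal '*' (never the caller's origin); that literal is what a browser refuses
# to combine with credentials.
def cors_headers(origin, policy, credentials: false)
  return {} unless origin_allowed?(origin, policy)
  h = { 'Access-Control-Allow-Origin' => policy.include?('*') ? '*' : origin,
        'Vary' => 'Origin' }
  h['Access-Control-Allow-Credentials'] = 'true' if credentials
  h
end

# The classic misconfiguration, kept as the "before": a hand-rolled layer that
# echoes any Origin and grants credentials, so every site on the web qualifies.
def reflecting_cors_headers(origin)
  { 'Access-Control-Allow-Origin' => origin,
    'Access-Control-Allow-Credentials' => 'true' }
end

# What the browser does with the response (the CORS check of the Fetch spec):
# without credentials '*' or an exact origin match passes; with credentials '*'
# is rejected and Allow-Credentials must be exactly 'true'.
def browser_accepts?(origin, headers, credentials: false)
  allow = headers['Access-Control-Allow-Origin']
  return false if allow.nil?
  return allow == '*' || allow == origin unless credentials
  allow == origin && headers['Access-Control-Allow-Credentials'] == 'true'
end

# Can a page at +origin+ read a cookie-bearing response from the app under +policy+?
def credentialed_read?(origin, policy)
  browser_accepts?(origin, cors_headers(origin, policy, credentials: true), credentials: true)
end

if __FILE__ == $0
  %w[http://business.lvh.me:3000 http://lvh.me:3000
     http://lvh.me.evil.example:3000 http://evil-lvh.me:3000].each do |o|
    puts format('%-34s wildcard=%-5s tenant=%-5s reflecting=%s', o,
                credentialed_read?(o, WILDCARD_POLICY),
                credentialed_read?(o, TENANT_POLICY),
                browser_accepts?(o, reflecting_cors_headers(o), credentials: true))
  end
end
```

Read the output column by column: the wildcard policy never yields a credentialed read, not even for the legitimate tenant, so the sign-in modal could not have worked with it; the tenant policy admits business.lvh.me and the apex host and rejects the two look-alike hosts; the reflecting layer admits all four, including the attacker's. One caveat that CORS does not remove: jQuery omits X-Requested-With on any request it classifies as cross-domain, so a text/javascript response would still be refused by Rails 4.2's verify_same_origin_request even with correct CORS headers. A JSON response consumed by client-side code, or a request that stays on the tenant's own host, is not subject to that check.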