---
layout: post
title: "CORS support in Sinatra Rack environment"
description: "How to add CORS support to Sinatra Rack environment, Nginx or Apache2."
category: Installation
tags: [Setup, apache, Nginx, ruby]
---
{% include JB/setup %}
**This post explains how to enable CORS support in a Sinatra Rack environment, Nginx or Apache2.**

**See also:**

  * [http://en.wikipedia.org/wiki/Cross-origin_resource_sharing](http://en.wikipedia.org/wiki/Cross-origin_resource_sharing)
  * [http://enable-cors.org/server.html](http://enable-cors.org/server.html) 

CORS support for webservers 
---------------------------
To deliver static web pages with a web server:

Add headers in Apache2:

        Header set Access-Control-Allow-Origin "*"
        Header set Access-Control-Allow-Credentials true
        Header set Access-Control-Allow-Methods "GET, POST, DELETE, PUT, PATCH, OPTIONS"
        Header set Access-Control-Allow-Headers "Content-Type, api_key, Authorization"

Add headers in nginx:

        add_header 'Access-Control-Allow-Methods' 'GET, POST, DELETE, PUT, PATCH, OPTIONS';
        add_header 'Access-Control-Allow-Credentials' 'true';
        add_header 'Access-Control-Allow-Origin' "*";
        add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, api_key, Authorization';

CORS support in Sinatra Rack environment
----------------------------------------

Add to the Gemfile:

```ruby
gem 'rack-cors', :require => 'rack/cors'
```

In the application code, add the headers to routes:

```ruby
class Application < Service

  use Rack::Cors do |config|
    config.allow do |allow|
      # '*' allows requests from any origin
      allow.origins '*'
      allow.resource '/file/list_all/', :headers => :any
      allow.resource '/file/at/*',
        :methods => [:get, :post, :put, :delete],
        :headers => :any,
        :max_age => 0
      allow.resource '/compound/*',
        :methods => [:get, :post],
        :headers => :any,
        :max_age => 0
    end
  end

  # ... routes ...
end
```

**NOTE:** headers shouldn't be set in both the web server and Rack.
Otherwise the values are doubled, which didn't work for some applications,
e.g.: `Access-Control-Allow-Credentials: true, true`
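
The Apache and nginx snippets above send `Access-Control-Allow-Origin: *` together with `Access-Control-Allow-Credentials: true`, a combination browsers reject for credentialed requests. As an added example (not code from the original post or from rack-cors), this dependency-free Rack middleware echoes the origin only when it is on an allowlist; the class name `AllowlistCors`, the helper `cors_headers_for` and the origin `https://ui.example.org` are assumptions.

```ruby
# Added example: origin allowlist instead of "*" when credentials are enabled.
# Class name, demo app and origins are constructed for illustration.
class AllowlistCors
  METHODS = 'GET, POST, PUT, DELETE, PATCH, OPTIONS'.freeze
  HEADERS = 'Content-Type, api_key, Authorization'.freeze

  def initialize(app, origins:, credentials: false)
    if credentials && origins.include?('*')
      raise ArgumentError, 'wildcard origin cannot be combined with credentials'
    end
    @app, @origins, @credentials = app, origins, credentials
  end

  def call(env)
    origin = env['HTTP_ORIGIN']
    # A CORS preflight is an OPTIONS request carrying Access-Control-Request-Method.
    preflight = env['REQUEST_METHOD'] == 'OPTIONS' &&
                env.key?('HTTP_ACCESS_CONTROL_REQUEST_METHOD')
    status, headers, body = preflight ? [204, {}, []] : @app.call(env)
    headers = headers.dup
    headers['Vary'] = [headers['Vary'], 'Origin'].compact.join(', ')
    return [status, headers, body] unless allowed?(origin)

    # Assign (do not append), so this middleware never writes "true, true".
    headers['Access-Control-Allow-Origin'] = @origins.include?('*') ? '*' : origin
    headers['Access-Control-Allow-Credentials'] = 'true' if @credentials
    if preflight
      headers['Access-Control-Allow-Methods'] = METHODS
      headers['Access-Control-Allow-Headers'] = HEADERS
    end
    [status, headers, body]
  end

  private

  def allowed?(origin)
    !origin.nil? && (@origins.include?('*') || @origins.include?(origin))
  end
end

# Constructed demo app and allowlist.
DEMO_APP = ->(_env) { [200, { 'Content-Type' => 'text/plain' }, ['ok']] }
CORS = AllowlistCors.new(DEMO_APP, origins: ['https://ui.example.org'], credentials: true)

def cors_headers_for(origin, method = 'GET', extra = {})
  CORS.call({ 'REQUEST_METHOD' => method, 'HTTP_ORIGIN' => origin }.merge(extra))[1]
end
```

In a Sinatra application it would be mounted with `use AllowlistCors, origins: [...], credentials: true` in place of the `Rack::Cors` block.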

CORS support in OpenTox ruby applications
-----------------------------------------
To make CORS support configurable in the OpenTox Ruby web services, we can add a switch to the entry of a specific web service in the already existing configuration file `.opentox/config/default.rb`.
E.g.: in the definition of the compound web service, add `:cors => true` to enable CORS.

```ruby
$compound = { :uri => "https://myserver_name/compound", :cors => true }
```

Then add the modified application code to the opentox-server gem to deploy it to all web services:

```ruby
class Application < Service

  # add CORS support for swagger
  # SERVICE names the web service (e.g. "compound"); eval looks up the
  # matching global config hash ($compound) from default.rb
  if eval("$#{SERVICE}[:cors]") == true
    use Rack::Cors do |config|
      config.allow do |allow|
        allow.origins '*'
        allow.resource "/#{SERVICE}/*",
          :methods => [:get, :post, :put, :delete, :patch, :options],
          :headers => :any,
          :max_age => 0
      end
    end
  end

  # ... rest of the application ...
end
```
This works in a Unicorn-Rack-Sinatra environment behind an Apache or Nginx proxy, where Apache or Nginx do not add the headers.