To expand a little on what mike has already said.
In addition to the 'regular' rails http methods. GET, POST, PUT, DELETE
there is another request type: OPTIONS
Before a cors-aware browser will do your POST/PUT request, it sends it's
own request in secret
the browser sends a request using the OPTIONS method and you need to handle
that (michael's stackoverflow link is good here), and send back some headers
You said you're on rails 2. Thankfully for you as of rails *2.0.2* (I read
the changelog) rails understands that there is an OPTIONS method.
You may need to write an entry in the routes.rb file to handle these cors
requests.
map.connect 'game/:id', :controller => 'game', :action => 'corsallow',
:conditions => { :method => :options }
Hope it helps
Graeme
On Fri, Oct 24, 2014 at 1:36 AM, Scott Olmsted <[email protected]> wrote:
> Mike,
>
> I think you're right and I would love to do what they did at that link
> (add HTTP headers at the controller level), but the code never gets that
> far, the OPTION is rejected by Rails first.
>
> Since I haven't been able to get the rack-cors gem working at all, even
> with Ian's observation that it needed some quotes in the line telling Rails
> to use it (I suspect it's written for Rails 3+ only), I am reduced to
> seeing whether I can monkey-patch Rails to not reject the OPTION, or move
> on to one of the alternatives to CORS (see
> http://techblog.constantcontact.com/software-development/using-cors-for-cross-domain-ajax-requests/),
> probably JSONP, which means probably changing or adding a lot of code, or
> convince the client to upgrade to Rails 4. Hah!
>
> Thanks,
>
> Scott
>
>
> On Thursday, October 23, 2014 12:20:00 PM UTC-4, mcostanza wrote:
>>
>> Hi Scott,
>>
>> From the first line of your stack trace you can see the request method is
>> actually OPTIONS which is a preflight CORS request:
>>
>> *Processing ApplicationController#index (for xx.xxx.xx.xxx at 2014-10-22
>> 14:31:28) [OPTIONS]*
>>
>> The application needs to send a response for the OPTIONS request first,
>> and then the PUT request will be sent. Here is an example of setting up
>> CORS headers in a rails app: http://stackoverflow.com/
>> questions/17858178/allow-anything-through-cors-policy.
>>
>> In development most likely everything is running on localhost, so it's
>> not considered cross-domain and the OPTIONS request would not be sent.
>>
>> - Mike
>>
>>
>>
>>
>> On Wed, Oct 22, 2014 at 3:35 PM, Scott Olmsted <[email protected]> wrote:
>>
>>> A client with a Rails 2 app that displays games written in Flash is
>>> having them converted to HTML5/Javascript. The team doing the conversions
>>> has no problem reading the player's data with a Javascript function like
>>> this, which I bound to a button click and ran with the Chrome debugging
>>> console open:
>>>
>>>
>>>> *function makeGetRequest() {*
>>>> * var request = new XMLHttpRequest();** request.open('GET',
>>>> <...url...>);*
>>>>
>>>> * // Response handler*
>>>> * request.onload = function() {*
>>>> * var text = request.responseText;*
>>>> * console.log("responseText="+text)** };*
>>>>
>>>> * request.send();**}*
>>>
>>>
>>> I have omitted the code to handle CORS (cross-origin resource sharing),
>>> which is set in .htaccess on the server and does not seem to be a problem.
>>>
>>> The following works in development to push data back to the Rails 2 app:
>>>
>>>
>>>> *function makePutRequest() {*
>>>> * var request = new XMLHttpRequest();** request.open('PUT',
>>>> <...url...>);*
>>>>
>>>> * // Response handler*
>>>> * request.onload = function() {*
>>>> * var text = request.responseText;*
>>>> * console.log("responseText="+text)** };*
>>>>
>>>> * request.setRequestHeader('Content-type', 'application/json');*
>>>> * request.send('{"data":"this is updated data player data"}');**}*
>>>
>>>
>>> but does not work in production. Changing 'PUT' to 'POST' and adding
>>>
>>> * xhr.setRequestHeader('X-HTTP-Method-Override', 'PUT');*
>>>
>>>
>>> also works in development but not in production.
>>>
>>> The Chrome console says:
>>>
>>> *XMLHttpRequest cannot load <...url...>. Invalid HTTP status code 405 *
>>>
>>>
>>> The Rails 2 production log says:
>>>
>>>
>>>> *Processing ApplicationController#index (for xx.xxx.xx.xxx at
>>>> 2014-10-22 14:31:28) [OPTIONS]ActionController::MethodNotAllowed (Only get
>>>> and put requests are allowed.):*
>>>
>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> *
>>>> /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/bundler/gems/rails-31a564b77c73/actionpack/lib/action_controller/routing/recognition_optimisation.rb:64:in
>>>> `recognize_path'
>>>> /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/bundler/gems/rails-31a564b77c73/actionpack/lib/action_controller/routing/route_set.rb:442:in
>>>> `recognize'
>>>> /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/bundler/gems/rails-31a564b77c73/actionpack/lib/action_controller/routing/route_set.rb:437:in
>>>> `call'
>>>> /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/bundler/gems/rails-31a564b77c73/actionpack/lib/action_controller/dispatcher.rb:87:in
>>>> `dispatch'
>>>> /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/bundler/gems/rails-31a564b77c73/actionpack/lib/action_controller/dispatcher.rb:121:in
>>>> `_call'
>>>> /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/bundler/gems/rails-31a564b77c73/actionpack/lib/action_controller/dispatcher.rb:130:in
>>>> `build_middleware_stack'
>>>> /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/bundler/gems/rails-31a564b77c73/activerecord/lib/active_record/query_cache.rb:29:in
>>>> `call'
>>>> /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/bundler/gems/rails-31a564b77c73/activerecord/lib/active_record/query_cache.rb:29:in
>>>> `call'
>>>> /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/bundler/gems/rails-31a564b77c73/activerecord/lib/active_record/connection_adapters/abstract/query_cache.rb:34:in
>>>> `cache'
>>>> /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/bundler/gems/rails-31a564b77c73/activerecord/lib/active_record/query_cache.rb:9:in
>>>> `cache'
>>>> /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/bundler/gems/rails-31a564b77c73/activerecord/lib/active_record/query_cache.rb:28:in
>>>> `call'
>>>> /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/bundler/gems/rails-31a564b77c73/activerecord/lib/active_record/connection_adapters/abstract/connection_pool.rb:361:in
>>>> `call' haml (3.0.25) rails/./lib/sass/plugin/rack.rb:41:in `call'
>>>> /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/bundler/gems/rails-31a564b77c73/actionpack/lib/action_controller/string_coercion.rb:25:in
>>>> `call'
>>>> /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/bundler/gems/rails-31a564b77c73/actionpack/lib/action_controller/params_parser.rb:15:in
>>>> `call'
>>>> /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/bundler/gems/rails-31a564b77c73/actionpack/lib/action_controller/session/cookie_store.rb:99:in
>>>> `call'
>>>> /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/bundler/gems/rails-31a564b77c73/actionpack/lib/action_controller/failsafe.rb:26:in
>>>> `call'
>>>> /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/bundler/gems/rails-31a564b77c73/actionpack/lib/action_controller/dispatcher.rb:106:in
>>>> `call' passenger (3.0.12)
>>>> lib/phusion_passenger/rack/request_handler.rb:96:in `process_request'*
>>>
>>>
>>>
>>> It got as far as actionpack, so why is production behaving badly but not
>>> development? Is Apache/Passenger mangling the request before it gets there?
>>>
>>> The app uses the latest version of Rails 2, ree-1.8.7, and Passenger,
>>> hosted at RailsPlayground, where it has run without major problems for five
>>> years.
>>>
>>> I'm at a dead-end with Google. Anyone got an idea on what is the problem
>>> here?
>>>
>>> Thanks much, Scott
>>>
>>> --
>>> --
>>> SD Ruby mailing list
>>> [email protected]
>>> http://groups.google.com/group/sdruby
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "SD Ruby" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>> --
> --
> SD Ruby mailing list
> [email protected]
> http://groups.google.com/group/sdruby
> ---
> You received this message because you are subscribed to the Google Groups
> "SD Ruby" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
>
--
--
SD Ruby mailing list
[email protected]
http://groups.google.com/group/sdruby
---
You received this message because you are subscribed to the Google Groups "SD
Ruby" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
