Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

how can i add multiple origins in rack-cors #178

Open
deepaksisodiaa opened this issue Jan 21, 2019 · 7 comments
Open

how can i add multiple origins in rack-cors #178

deepaksisodiaa opened this issue Jan 21, 2019 · 7 comments

Comments

@deepaksisodiaa
Copy link

deepaksisodiaa commented Jan 21, 2019
edited
Loading

Rails.application.config.middleware.insert_before 0, Rack::Cors do
allow do
origins 'http://localhost:3000, http://localhost:4000'
resource '*',
headers: :any,
methods: [:get, :post, :put, :patch, :delete, :options, :head]
end
end
@jkeam
Copy link

jkeam commented May 23, 2019

#131

@camallen
Copy link

camallen commented Nov 21, 2019
edited
Loading

As specified in #131 you'll have to add multiple allow block entries to configure different origins, e.g.

allowed_headers = %i(get post put patch delete options head)
allow do
  origins 'http://localhost:3000'
  resource '*', headers: :any, methods: allowed_headers
end

allow do
  origins 'http://localhost:4000'
  resource '*', headers: :any, methods: allowed_headers
end

@dchersey
Copy link

This would be a good addition to the README!

@rally25rs
Copy link

rally25rs commented Apr 16, 2020
edited
Loading

The original post is passing a single string with a comma separated list to origins

origins 'http://localhost:3000, http://localhost:4000'

that is incorrect. origins takes multiple arguments. You should be passing multiple args as shown in the README:

https://github.com/cyu/rack-cors#rack-configuration

use Rack::Cors do
  allow do
    origins 'localhost:3000', '127.0.0.1:3000',
            /\Ahttp:\/\/192\.168\.0\.\d{1,3}(:\d+)?\z/
            # regular expressions can be used here

The code loops through the origins and checks each for a match

rack-cors/lib/rack/cors/resources.rb

Lines 42 to 50 in dbea904

!!@origins.detect do |origin|
if origin.is_a?(Proc)
origin.call(source, env)
elsif origin.is_a?(Regexp)
source =~ origin
else
source == origin
end
end

So you should be passing

origins 'http://localhost:3000', 'http://localhost:4000'

(passing 2 strings as opposed to passing 1 comma separated string)

@cickes
Copy link

cickes commented Feb 26, 2021

How can we pass an environment variable to origins?

The environment variable must be a string so separate the domains by a whitespace.
Environment variable:
CORS_ORIGINS = 'domain1.com domain2.com anotherone.com'

origins ENV.fetch('CORS_ORIGINS').split(" ").map { |e| "'#{e.strip}'" }.join(", ").tr('"', "")

Yields:
"'domain1.com', 'domain2.com', 'anotherone.com'"

This won't work because it is a string instead of a comma separated list. One way to get this to work is to loop through the values similar to Cam's answer

@cyu
Copy link
Owner

cyu commented Mar 2, 2021
edited
Loading

@cickes try this:

origin *ENV.fetch('CORS_ORIGINS').split(" ").map(&:strip)

@sandstrom
Copy link

I'm doing some issue gardening 🌱🌿 🌷 and came upon this issue. Since it's quite old I just wanted to ask if this is still relevant? If it isn't, maybe we can close this issue?

By closing some old issues we reduce the list of open issues to a more manageable set.

@Meltrust Meltrust mentioned this issue Oct 13, 2023
Merged
@Meltrust Meltrust mentioned this issue Nov 2, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@cyu @rally25rs @jkeam @sandstrom @camallen @dchersey @cickes @deepaksisodiaa