dimanche 17 avril 2016

How do I avoid "preflight requests"?

I am trying to get started with Ember Data and immediately ran into this problem were the browser sends a OPTIONS request before the actual request.

The development backend I am trying to communicate with is a rails 4.2 server running on my local machine (started with rails s -b 0.0.0.0 ) I currently use this api to communicate from both an android and an ios app. My end goal is to provide an Ember app in addition to the existing rails UI, but if I have to replace it and only have the Ember UI, that will be OK.

I did some reading on CORS and I think at at least understand what it is trying to do. If I understand correctly, the browser sees the Ember app as having been served by a server other than the one that requests are being made to and because of this asks the server if this is OK.

So my questions are:

  1. Will I be able to deploy my ember app to the real server such that these CORS OPTIONS requests are not needed? (ie, I assume a rails app can deliver an Ember app to the browser and the browser will see the source of the script as being the same as the target of the request and not require the prefight requests)
  2. How do I get this to work in development? I see there is a --proxy option on the ember s --proxy, which seemed like it was supposed to be the solution for this, but I have not been able to get it to work

When I navigate to the server url I am trying to access http://localhost:3000/api/v1/users rails logs the following response:

Started GET "/api/v1/users" for 127.0.0.1 at 2016-04-17 10:02:01 -0400

Based on this, I think I have my Ember adapter set up correctly:

import JSONAdapter from 'ember-data/adapters/json-api';

export default JSONAdapter.extend({
  host: 'http://127.0.0.1:3000',
  namespace: 'api/v1'
});

Then I start the Ember server with this command:

ember s --proxy http://127.0.0.1:3000

The rails server is receiving the following request:

Started OPTIONS "/api/v1/users" for 127.0.0.1 at 2016-04-17 09:36:51 -0400

Which fails because I don't have a route for that (and don't think I want to either).




Publié par à
Libellés :

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)