CORS support in Sinatra Rack environment
in-silico toxicology gmbh blog
This post explains how to enable CORS support to Sinatra Rack environment, Nginx or Apache2.
see also:
CORS support for webservers
to deliver static webpages with a webserver:
add headers in Apache2:
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Credentials true
Header set Access-Control-Allow-Methods "GET, POST, DELETE, PUT, PATCH, OPTIONS"
Header set Access-Control-Allow-Headers "Content-Type, api_key, Authorization"
add headers in nginx:
add_header 'Access-Control-Allow-Methods' 'GET, POST, DELETE, PUT, PATCH, OPTIONS';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Origin' "*";
add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, api_key, Authorization';
CORS support in Sinatra Rack environment
add to Gemfile:
gem 'rack-cors', :require => 'rack/cors'
in application code add header to routes:
class Application < Service
use Rack::Cors do |config|
config.allow do |allow|
allow.origins '*'
allow.resource '/file/list_all/', :headers => :any
allow.resource '/file/at/*',
:methods => [:get, :post, :put, :delete],
:headers => :any,
:max_age => 0
allow.resource '/compound/*',
:methods => [:get, :post],
:headers => :any,
:max_age => 0
end
end
NOTE: headers shouldn’t be set both in webserver and rack.
Otherwise you have doubled values and it didn’t work for some applications:
e.g.: Access-Control-Allow-Credentials: true, true
CORS support in OpenTox ruby applications
to have a configurable CORS support to opentox ruby webservices we can add a switch to the already existing configuration file .opentox/config/default.rb
entry of a specific webservice.
e.g.: in the definition of the compound webservice add :cors => true
to enable CORS.
$compound = { :uri => "https://myserver_name/compound", :cors => true }
and add modified application code to the opentox-server gem to deploy it to all webservices:
class Application < Service
# add CORS support for swagger
if eval("$#{SERVICE}[:cors]") == true
use Rack::Cors do |config|
config.allow do |allow|
allow.origins '*'
allow.resource "/#{SERVICE}/*",
:methods => [:get, :post, :put, :delete, :patch, :options],
:headers => :any,
:max_age => 0
end
end
end
this works in Unicorn-Rack-Sinatra environment behind an Apache or Nginx proxy. Apache or Nginx do not add headers.
blog comments powered by Disqus