OpenTox

CORS support in Sinatra Rack environment
in-silico toxicology gmbh blog

This post explains how to enable CORS support to Sinatra Rack environment, Nginx or Apache2.

see also:

CORS support for webservers

to deliver static webpages with a webserver:

add headers in Apache2:

    Header set Access-Control-Allow-Origin "*"
    Header set Access-Control-Allow-Credentials true
    Header set Access-Control-Allow-Methods "GET, POST, DELETE, PUT, PATCH, OPTIONS"
    Header set Access-Control-Allow-Headers "Content-Type, api_key, Authorization"

add headers in nginx:

    add_header 'Access-Control-Allow-Methods' 'GET, POST, DELETE, PUT, PATCH, OPTIONS';
    add_header 'Access-Control-Allow-Credentials' 'true';
    add_header 'Access-Control-Allow-Origin' "*";
    add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, api_key, Authorization';

CORS support in Sinatra Rack environment

add to Gemfile:

    gem 'rack-cors', :require => 'rack/cors'

in application code add header to routes:

    class Application < Service
  
      use Rack::Cors do |config|
        config.allow do |allow|
           allow.origins '*'
           allow.resource '/file/list_all/', :headers => :any
           allow.resource '/file/at/*',
             :methods => [:get, :post, :put, :delete],
             :headers => :any,
             :max_age => 0
           allow.resource '/compound/*',
             :methods => [:get, :post],
             :headers => :any,
             :max_age => 0
        end
      end

NOTE: headers shouldn’t be set both in webserver and rack. Otherwise you have doubled values and it didn’t work for some applications: e.g.: Access-Control-Allow-Credentials: true, true

CORS support in OpenTox ruby applications

to have a configurable CORS support to opentox ruby webservices we can add a switch to the already existing configuration file .opentox/config/default.rb entry of a specific webservice. e.g.: in the definition of the compound webservice add :cors => true to enable CORS.

  $compound = { :uri => "https://myserver_name/compound", :cors => true }

and add modified application code to the opentox-server gem to deploy it to all webservices:

    class Application < Service

    # add CORS support for swagger
    if eval("$#{SERVICE}[:cors]") == true
      use Rack::Cors do |config|
        config.allow do |allow|
           allow.origins '*'
           allow.resource "/#{SERVICE}/*",
             :methods => [:get, :post, :put, :delete, :patch, :options],
             :headers => :any,
             :max_age => 0
        end
      end
    end

this works in Unicorn-Rack-Sinatra environment behind an Apache or Nginx proxy. Apache or Nginx do not add headers.

blog comments powered by Disqus

Published

02 June 2015

Tags