-
Notifications
You must be signed in to change notification settings - Fork 263
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adding origins dynamically #50
Comments
No, that's not functionality I had in mind when I developed it. I supposed if you could figure out how to access the middleware stack you could get to the middleware and call |
Thinking about it some more that's not going to quite work - you'll probably want to create a new If you can figure out a cleaner way to do this, I'd be happy to accept a patch. |
Thanks for your input I have here are my controllers. However the reservations resource is not being allowed, whereas the impressions resource is Is there a way to trouble shoot this? Thanks On Sep 3, 2014, at 5:13 PM, Calvin Yu notifications@github.com wrote:
|
There is a way to enable some logging, but it only logs where there's a resource hit, and not misses. That gives me an idea though - I can probably return some diagnostics in the HTTP headers to make troubleshooting these issues easier. Doesn't really help you right now though. Sorry. |
no problem i had to allow both resource room and hotel On Sep 5, 2014, at 8:27 AM, Calvin Yu notifications@github.com wrote:
|
Mind sending me your final configuration? |
On Sep 6, 2014, at 7:40 PM, Calvin Yu notifications@github.com wrote:
|
Thanks! FYI - I committed some changes to return some diagnostic headers when debug mode is enabled: 8456a39 |
Hi Calvin Can you tell me if you have a way to expose the location in the headers? Im getting: I’m looking to get access to the Location in the response headers On Sep 9, 2014, at 6:41 AM, Calvin Yu notifications@github.com wrote:
|
I'm guessing there wasn't a location header in the response. If you're using chrome or safari you can see the headers from the inspector. |
Yeah I can see them in the browser, so I guess its not a return header issue, its more that the browser is not passing them back to the ajax done callback, which I believe is a browser issue On Sep 10, 2014, at 3:10 PM, Calvin Yu notifications@github.com wrote:
|
I am not sure if this issue is still relevant, but here is the solution that worked for me: allow do
origins do |source, env|
# this proc should return true or false
# You can dynamically check the database/redis or any other storage for your origins
Database.where('redirect_uri ~* ?', "^#{source}").exists?
end
resource '/api/v0/*', headers: :any, methods: [:get, :delete, :put, :post, :options]
resource '/api/oauth/*', headers: :any, methods: [:get, :delete, :post, :options]
end |
@faragorn is your solution supposed to check for the customers who are allowed to use the api ? I have a web widget where my customers are allowed to send post requests to my server and I would like to prevent any "not allowed" request from getting a response |
@medbouzid Yes, in my solution it is done dynamically, and sources are checked in the database. But generally that's what |
Hi every one, sorry for the stupid question, is there a way to update list of allowed origins on fly when server is already running? I need this to be able to integrate client custom APIs. |
Does anyone know if there's there a way to dynamically add origins to the allowed list without having to restart the server?
Thanks
The text was updated successfully, but these errors were encountered: