Wednesday, October 21, 2015
On Friday, 16 October 2015 03:37:03 UTC-4, Ruby-Forum.com User wrote:
I am having a devise user model.
To login I am using twitter-bootstrap modal.The modal is by default
hidden and shown only after an rails default ajax request is send to the
server.
It works fine with localhost and production. But when a user is on a
subdomain(using acts_as_tenant) like business.lvh.me:3000 the modal
window does not pop up and the ajax request fails.
I am sharing the session across all the domains.
My SessionStore initializer.
> Rails.application.config.session_store :active_record_store, :key =>
> '_my_app_session',domain: 'lvh.me'
PFB the error.log for the same.
Rendered remote_content/_remote_sign_up.html.erb (78.8ms)
Rendered remote_content/remote_sign_up.js.erb (86.2ms)
Security warning: an embedded <script> tag on another site requested
protected JavaScript. If you know what you're doing, go ahead and
disable forgery protection on this action to permit cross-origin
JavaScript embedding.
Completed 422 Unprocessable Entity in 100ms (Views: 96.1ms |
ActiveRecord: 1.6ms)
This is a restriction of the browser security model - it's deliberately designed to restrict where AJAX requests etc can originate from to block several classes of attack.
You should look into rack-cors: https://github.com/cyu/rack-cors
to help send the appropriate preflight headers to allow this to work.
--Matt Jones
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe@googlegroups.com.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/cd309027-0383-4725-a985-a0e0ae8fe2a9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment