Csrf

[FredHasselot]

I've got probably a dumb question but...

i get a CRSF error with a POST request on http://localhost:5000/members/sign_in.json

myApp. config(function(AuthProvider, AuthInterceptProvider) { AuthProvider.loginMethod('POST'); AuthProvider.loginPath('http://localhost:5000/members/sign_in.json'); });

here is the message on chrome console:
XMLHttpRequest cannot load http://localhost:5000/members/sign_in.json. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:9000' is therefore not allowed access. The response had HTTP status code 404.

i tried to install the gem 'angular_rails_csrf' on rails.
i tried to follow the post mentioned in the documentation

but... i'm stuck

i misunderstood things.
Any help would be appreciate
thanks

[danielolivaresd]

This looks like a CORS issue, not a CSRF one. Could you please take a look at https://github.com/cyu/rack-cors and set your client on the origins? Example given:

module YourApp
  class Application < Rails::Application

    # ...

    config.middleware.insert_before 0, "Rack::Cors" do
      allow do
        origins 'http://localhost:9000'
        resource '*', :headers => :any, :methods => [:get, :post, :options]
      end
    end

  end
end

[FredHasselot]

Absolutly. Thanks!
I did something like this:

  # ...

  allow do
    origins 'localhost:9000', '127.0.0.1:9000',
        resource '*', :headers => :any, :methods => [:get, :post, :delete, :put, :patch, :options, :head]
  end

Thanks