CORS (PUT / DELETE) requests are not working on Production

question

#1

Hello Folks,

I want to Enable CORS in my jets api mode app which talks to my Front End VueJS based app. I tried to add rack-cors gem initially and it worked with my front end app on my localhost with all the HTTP methods. But when I am trying to do the same thing over production (AWS lambda) and when the AJAX request is made with PUT or DELETE method then the browser is not able to reach the server and it returns CORS Policy error “Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.”.

So I tried to implement CORS without rack-cors gem i.e catch all OPTIONS (Preflight) requests, in my routes , to respond with CORS headers (Access-Control-Allow-Origin, Access-Control-Allow-Methods, Access-Control-Allow-Headers). But still I am not able to fix this problem i.e my PUT requests are still not working.

After digging, I found that the API Gateway is not creating my OPTIONS route there which means that the pre-flight requests, issued by the browser, fails.

Any work around for this problem?


#2

Wondering if you have enabled cors with the

config/application.rb

config.cors = true

https://rubyonjets.com/docs/cors-support/

Since Jets uses APIGW, cors needs to be enabled that way.


#3

Thanks tung. Much Appreciated. I totally missed that from RubyJets Docusmentation.


#4

After enabling

config.cors = true

My front end app on Heroku is not receiving Access-Control-Allow-Origin=’*’ from my Jets App. I am still getting CORS policy error. Is there anything I am missing?


#5

Try doing a curl request:
curl --verbose -H “Origin: http://acme.com/https://api.example.org/resource
Look for x-amzn-errortype and access-control-allow-origin