I'd like to share intermediate results of my work with Universal (aka "Isomorphic") JavaScript apps, based on the React library from Facebook and Ruby on Rails as the backend.

Actually it's not so much about Rails as about a JSON API. So if you don't use/like Rails, just take it as an abstract API and keep reading. If you haven't heard about the isomorphic JavaScript concept, here is the link that explains what it's all about.

In the current post we'll plan the application architecture. In the next one we'll set up the Rails JSON API. After that we'll kick-start the universal JavaScript app. Before we share it with the world, we'll secure it. And in the end everything will be deployed to production.

I've been trying to implement JS server rendering within a Rails app using the react-rails gem, but it's not the way to go. Tools play best in the environments for which they were designed. So I cut the whole front-end out of Rails and moved it to Node.js. Rails, which became simply a JSON API, is responsible for the data, and React handles the interface part, using the same JavaScript codebase on the server and on the client. It's worth noting that we can use Rails as an API for mobile apps as well.

When a user hits the site, the request goes to the Node.js server with Express on top. We need the data to render the initial HTML and send the response, so we fetch it from the Rails API via an HTTP request. When the data has arrived, React renders the view and Express sends the HTML to the user together with the client JS app, which takes control over the flow. When the user hits some link on the site, the app makes an ajax call to fetch the new data and updates the views on the client.

The front-end app lives on the main domain. We can have the API on the same domain, but on a different port. Then we are forced to keep 2 apps on the same server. I prefer another option: put it on a subdomain (or another domain), so we can scale the app in the future without changing the codebase.

Next we need to decide how we'll get the data from the API via ajax requests.

Ajax CORS requests

Because of the same-origin policy we can't make ajax requests from one location to another (even if the target resource is on the same domain but a different port). To enable such requests we need to apply the Cross-Origin Resource Sharing (CORS) mechanism. If you choose to go this way, you'll need to set special HTTP headers on the Rails side. This way the browser verifies that the caller has the right to send ajax requests to this server. In application_controller.rb do something like this:

```ruby
class ApplicationController < ActionController::API
  before_action :set_origin
  before_action :set_headers

  private

  def set_origin
    # Origin header the browser sends with cross-origin requests
    @origin = request.headers['Origin']
  end

  def set_headers
    if @origin
      # Placeholder allow-list of front-end origins; use your own
      allowed = ['https://my-frontend.example']
      allowed.each do |host|
        if @origin == host
          headers['Access-Control-Allow-Origin'] = @origin
          break
        end
      end
      # or '*' for public access
      # headers['Access-Control-Allow-Origin'] = '*'
    end
  end
end
```

Keep in mind that by enabling CORS (especially public access) you open a potential CSRF security hole. Read this carefully to mitigate CSRF attacks.

Proxy ajax calls through front-end server

Instead of enabling CORS, we can proxy requests through the nginx front-end server.
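For the CORS header approach in "Ajax CORS requests", here is an added example (not code from the original post) of a framework-independent allow-list check: it parses the Origin header and compares scheme, host and port exactly, so a lookalike host, a different port or the `null` origin gets no CORS headers. The names `origin_tuple`, `cors_headers_for`, `ALLOWED_ORIGINS` and the origins listed are assumptions.

```ruby
require 'uri'

# Constructed allow-list; replace with the real front-end origins.
ALLOWED_ORIGINS = ['https://my-frontend.example', 'http://localhost:3000'].freeze

# Normalise an origin string to [scheme, host, port], or nil if it is not
# a plain http(s) origin (no path, query, userinfo or fragment).
def origin_tuple(value)
  return nil unless value.is_a?(String)
  uri = URI.parse(value)
  # URI::HTTPS is a subclass of URI::HTTP, so this accepts both schemes.
  return nil unless uri.is_a?(URI::HTTP) && uri.host
  return nil unless uri.path.to_s.empty? && uri.query.nil? &&
                    uri.userinfo.nil? && uri.fragment.nil?
  [uri.scheme.downcase, uri.host.downcase, uri.port]
rescue URI::InvalidURIError
  nil
end

ALLOWED_TUPLES = ALLOWED_ORIGINS.map { |o| origin_tuple(o) }.freeze

# Returns the CORS response headers for a request's Origin header.
# An empty hash means "send no CORS headers", so the browser blocks the read.
def cors_headers_for(origin)
  tuple = origin_tuple(origin)
  return {} unless tuple && ALLOWED_TUPLES.include?(tuple)
  {
    'Access-Control-Allow-Origin' => origin,
    # The response differs per Origin, so shared caches must key on it.
    'Vary' => 'Origin'
  }
end
```

In a Rails controller the returned hash can be merged into the response headers from a `before_action`.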