On Friday, 16 October 2015 03:37:03 UTC-4, Ruby-Forum.com User wrote:
>
> I am having a devise user model.
>
> To login I am using twitter-bootstrap modal. The modal is by default
> hidden and shown only after a rails default ajax request is sent to the
> server.
>
> It works fine with localhost and production. But when a user is on a
> subdomain (using acts_as_tenant) like business.lvh.me:3000 the modal
> window does not pop up and the ajax request fails.
>
> I am sharing the session across all the domains.
>
> My SessionStore initializer.
>
> > Rails.application.config.session_store :active_record_store, :key => '_my_app_session', domain: 'lvh.me'
>
> PFB the error.log for the same.
>
> Rendered remote_content/_remote_sign_up.html.erb (78.8ms)
> Rendered remote_content/remote_sign_up.js.erb (86.2ms)
> Security warning: an embedded <script> tag on another site requested
> protected JavaScript. If you know what you're doing, go ahead and
> disable forgery protection on this action to permit cross-origin
> JavaScript embedding.
> Completed 422 Unprocessable Entity in 100ms (Views: 96.1ms |
> ActiveRecord: 1.6ms)
>

This is a restriction of the browser security model - it's deliberately designed to restrict where AJAX requests etc can originate from to block several classes of attack.
You should look into rack-cors: https://github.com/cyu/rack-cors to help send the appropriate preflight headers to allow this to work.

--Matt Jones
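An added example, not part of the thread and not rack-cors code: the origin decision a cross-origin policy for this setup has to make before it allows credentialed requests between the tenant subdomains. The helper names are hypothetical, and the base domain `lvh.me` is assumed from the session_store line quoted above.

```ruby
require 'uri'

# Assumption: every tenant site lives under this domain, as in the
# session_store setting quoted in the thread.
BASE_DOMAIN = 'lvh.me'

# Hypothetical helper: returns the origin unchanged when it is the base
# domain or one of its subdomains, otherwise nil.
def allowed_origin(origin, base: BASE_DOMAIN)
  return nil unless origin.is_a?(String)

  uri = URI.parse(origin)
  return nil unless %w[http https].include?(uri.scheme)
  # A serialized origin is scheme://host[:port] only: no userinfo, path or query.
  return nil if uri.host.nil? || uri.userinfo || !uri.path.to_s.empty? || uri.query

  host = uri.host.downcase
  # Match on a label boundary: a plain "ends with lvh.me" test would also
  # accept look-alike hosts such as notlvh.me.
  return nil unless host == base || host.end_with?(".#{base}")

  origin
rescue URI::InvalidURIError
  nil
end

# Hypothetical helper: response headers for a request carrying this Origin.
# The session cookie is shared across subdomains, so the specific origin is
# echoed back; a wildcard cannot be combined with credentials.
def cors_headers(origin)
  allowed = allowed_origin(origin)
  return {} unless allowed

  {
    'Access-Control-Allow-Origin' => allowed,
    'Access-Control-Allow-Credentials' => 'true',
    'Vary' => 'Origin' # keep caches from reusing one origin's response for another
  }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample origins, not taken from any real log.
  %w[http://business.lvh.me:3000 http://lvh.me:3000
     http://notlvh.me http://lvh.me.other.example null].each do |o|
    puts format('%-32s %s', o, allowed_origin(o) ? 'allowed' : 'rejected')
  end
end
```

The same boundary rule applies when the allowlist is written as a regular expression: anchor it at both ends and require the dot before the base domain.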

