Search code examples
ruby-on-railsdevisecorsember-cliember-simple-auth

Ember/Rails CORS Simple-Auth 405 (Not Allowed)

I have an ember-cli app with a ActiveModelAdapter to a Rails API using rack-cors. I have configured both to use ember-cli-simple-auth-devise.

Locally in development everything works perfectly. But once I deploy the ember-cli app to Heroku I am unable to authenticate my signin, yet am able to retrieve other records. I receive the following 405 Error:

POST http://example.herokuapp.com/businesses/sign_in 405 (Not Allowed)

Maybe it has to do with the fact that I am using Business instead of User for my Devise model, but I change User to Business in the application_controller (plus it wouldn't work locally otherwise):

## /backend/app/controllers/application_controller.rb

class ApplicationController < ActionController::Base
 before_filter :authenticate_user_from_token!

 private

 def authenticate_user_from_token!
   authenticate_with_http_token do |token, options|
     user_email = options[:user_email].presence
     user       = user_email && Business.find_by_email(user_email) 
     ## /\ Changed User to Business /\

     if user && Devise.secure_compare(user.authentication_token, token)
       sign_in user, store: false
     end
   end
 end
end

Rack-cors config:

## /backend/config.ru

require ::File.expand_path('../config/environment',  __FILE__)
run Rails.application

require 'rack/cors'
use Rack::Cors do

  # allow all origins in development
  allow do
    origins '*'
    resource '*', 
        :headers => :any, 
        :methods => [:get, :post, :delete, :put, :options]
  end
end

I have configured simple-auth-devise like so:

// frontend/config/environment.js

ENV['simple-auth-devise'] = {
    serverTokenEndpoint: 'businesses/sign_in',
    resourceName: 'business',
    crossOriginWhitelist: ['http://example-backend.herokuapp.com/']
};

Any insight into this would be greatly appreciated.

Thanks!

** Update ** I have narrowed it down to the fact that it is a POST to example.herokuapp.com instead of to my rails backend URL of example-backend.herokuapp.com. So I think this has to do with ember-cli-simple-auth not using the proxy I have set with heroku, as the store is doing.

Solution

  • You need to configure the serverTokenEndpoint including the host when the host is not the one that the Ember app is served from:

    ENV['simple-auth-devise'] = {
  serverTokenEndpoint:  'http://example-backend.herokuapp.com/businesses/sign_in',
  resourceName:         'business',
  crossOriginWhitelist: ['http://example-backend.herokuapp.com/']
};