I am creating a new application with Rails 7. I would like to add a way for the user to sign up via Steam. I used code that works on Rails 6, but on Rails 7 I receive an error:
Access to fetch at 'https://steamcommunity.com/openid/login?openid.ax.theKeyIamHidingforStackOverflow'
(redirected from 'http://localhost:3000/auth/Steam')
from origin 'http://localhost:3000' has been blocked by
CORS policy: Response to preflight request doesn't pass access control
check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
If an opaque response serves your needs, set the
request's mode to 'no-cors' to fetch the resource with CORS disabled.
Clicking on the https://steamcommunity.com/openid/login?fooBar link, I get to Steam and am also redirected to my app, and I am signed in.
I tried to set CORS in config/initializers/cors.rb like this:
Rails.application.config.middleware.insert_before 0, Rack::Cors do
  allow do
    origins 'https://steamcommunity.com'
    resource '*', headers: :any, methods: [:get, :post]
  end
end
But this does not work. Do I need to allow visits to third-party websites before I try to redirect to them?
Did something change in Rails 7 to protect redirects?
This is the post to the server:
= form_tag '/auth/Steam', method: :post do
  = submit_tag 'Steam'
Best Regards
Dennis
The answer to this: we need to disable Turbo's Ajax request by using the form like this:
= form_tag '/auth/steam', method: :post, data: { turbo: false } do
  = submit_tag 'Steam'
This form contains data: { turbo: false }, which disables Turbo.
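
Why the CORS initializer from the question cannot fix this while data: { turbo: false } does, as an added sketch that is not part of the original question or answer. It is a simplified model of the browser's check (no preflight, no credentials rules); rackCorsHeaders, authChain and submitForm are hypothetical names and the redirect chain is constructed.

```javascript
// Added illustration: a simplified model of the browser's check, not Turbo or browser code.
const APP = 'http://localhost:3000';
const STEAM = 'https://steamcommunity.com';

// Simplified rack-cors behaviour: CORS headers are added to the app's own
// responses, and only when the request's Origin matches a configured origin.
function rackCorsHeaders(configuredOrigins, requestOrigin) {
  return configuredOrigins.includes(requestOrigin)
    ? { 'access-control-allow-origin': requestOrigin }
    : {};
}

// Constructed redirect chain for the question's scenario: the app answers the
// POST with a redirect to Steam, and Steam's response carries no CORS headers.
function authChain(appHeaders) {
  return [
    { url: `${APP}/auth/Steam`, status: 302, headers: appHeaders },
    { url: `${STEAM}/openid/login`, status: 200, headers: {} },
  ];
}

// mode 'cors': fetch()-based form submission (what Turbo does with forms).
// mode 'navigate': native form submission (data: { turbo: false }).
// The preflight named in the error message is not modelled; the missing
// header on Steam's response is the same root cause.
function submitForm(pageOrigin, mode, chain) {
  for (const hop of chain) {
    const crossOrigin = new URL(hop.url).origin !== pageOrigin;
    if (mode === 'cors' && crossOrigin) {
      const allowed = hop.headers['access-control-allow-origin'];
      if (allowed !== '*' && allowed !== pageOrigin) {
        return { ok: false, blockedAt: hop.url };
      }
    }
    if (hop.status < 300 || hop.status >= 400) {
      return { ok: true, landedOn: hop.url };
    }
  }
  return { ok: false, blockedAt: null };
}

const questionConfig = rackCorsHeaders([STEAM], APP); // the initializer from the question
console.log(submitForm(APP, 'cors', authChain(questionConfig)));
console.log(submitForm(APP, 'cors', authChain(rackCorsHeaders([APP], APP))));
console.log(submitForm(APP, 'navigate', authChain(questionConfig)));
```

The header that is missing belongs to Steam's response, so no setting in the app's own cors.rb changes the outcome; only leaving fetch() out of the submission does.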