Ember/Rails CORS Simple-Auth 405 (Not Allowed)

3
votes

I have an ember-cli app with a ActiveModelAdapter to a Rails API using rack-cors. I have configured both to use ember-cli-simple-auth-devise.

Locally in development everything works perfectly. But once I deploy the ember-cli app to Heroku I am unable to authenticate my signin, yet am able to retrieve other records. I receive the following 405 Error:

POST http://example.herokuapp.com/businesses/sign_in 405 (Not Allowed)

Maybe it has to do with the fact that I am using Business instead of User for my Devise model, but I change User to Business in the application_controller (plus it wouldn't work locally otherwise):

## /backend/app/controllers/application_controller.rb

class ApplicationController < ActionController::Base
 before_filter :authenticate_user_from_token!

 private

 def authenticate_user_from_token!
   authenticate_with_http_token do |token, options|
     user_email = options[:user_email].presence
     user       = user_email && Business.find_by_email(user_email) 
     ## /\ Changed User to Business /\

     if user && Devise.secure_compare(user.authentication_token, token)
       sign_in user, store: false
     end
   end
 end
end

Rack-cors config:

## /backend/config.ru

require ::File.expand_path('../config/environment',  __FILE__)
run Rails.application

require 'rack/cors'
use Rack::Cors do

  # allow all origins in development
  allow do
    origins '*'
    resource '*', 
        :headers => :any, 
        :methods => [:get, :post, :delete, :put, :options]
  end
end

I have configured simple-auth-devise like so:

// frontend/config/environment.js

ENV['simple-auth-devise'] = {
    serverTokenEndpoint: 'businesses/sign_in',
    resourceName: 'business',
    crossOriginWhitelist: ['http://example-backend.herokuapp.com/']
};

Any insight into this would be greatly appreciated.

Thanks!

** Update ** I have narrowed it down to the fact that it is a POST to example.herokuapp.com instead of to my rails backend URL of example-backend.herokuapp.com. So I think this has to do with ember-cli-simple-auth not using the proxy I have set with heroku, as the store is doing.

1
ruby-on-railsdevisecorsember-cliember-simple-auth
is it 405 or 406? 406 is "Not acceptable" which would indicate that e.g. you're requesting JSON and the server only supports HTML responses.marcoow
@marcoow It's 405, I updated the title. My rails server only returns JSONbahudso
I think that you should definitely post the whole error. You can get the logs from Heroku by running heroku logs (devcenter.heroku.com/articles/logging). BTW are you sure that there is nothing related to the CSFR?Tom Hert

1 Answers

2
votes

You need to configure the serverTokenEndpoint including the host when the host is not the one that the Ember app is served from:

ENV['simple-auth-devise'] = {
  serverTokenEndpoint:  'http://example-backend.herokuapp.com/businesses/sign_in',
  resourceName:         'business',
  crossOriginWhitelist: ['http://example-backend.herokuapp.com/']
};