Sunday, November 8, 2015

Rails CORS Allow-Credentials non-AJAX

Ok, so I have two Rails applications trying to talk to each other. The main app (client-side stuff) renders an <img> tag that has a source pointing to the second app (back-end Asset Dispatcher). I am aware of how to send the cookies from the main app to the second when there is a preflight OPTIONS request. However, this is not the case, since the <img> tag is making a GET request bypassing the preflight (as far as I'm aware?).

The purpose of this is because the applications require a login and restrict access to certain files. So I need to verify that the user (if any) who made the request for an asset on a client computer is allowed access.

Is this possible to do?
