I have a Rails 3.2.21 app, which requires the user to be logged in to do several actions (e.g. following another user).
The issue is I've switched ONLY the login & signup pages to https; the rest of the app is still http (using rack-ssl-enforcer gem to 301 redirect from http -> https on just those two pages, in case it matters). When opening up a modal via Ajax to show login or signup, it's not working. In the Rails logs it says:
WARNING: Can't verify CSRF token authenticity
And in Chrome the console says:
Failed to load https://mydomain/signup: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://mydomain' is therefore not allowed access.
The code looks like this. Clicking the link to follow a user runs the following jQuery code:
$.ajax({ type: "GET", url: "/follow/" + $(this).data("follow-id") })
The FollowsController has before_filter :login_required, and the login_required method in ApplicationController looks like this:
def login_required redirect_to "/signup" and return end
Without the login & signup pages being https, everything works as normal. When I switched them to https, this problem crept up.
EDIT:
Already tried the solution posted here, to no avail.
Aucun commentaire:
Enregistrer un commentaire