2

I'm unable to send headers with thin/sinatra. I'm trying to do a CORS request. I tried as simple as possible.

I tried the sinatra cors module. I tried adding the headers myself like below. I got it working when I use ngnix and force the headers from there. But I'm trying to understand why sending the headers from the application doesn't work...

› gem list sinatra

*** LOCAL GEMS ***

sinatra (1.4.5)

contact.rb

require 'sinatra'
require 'json'

options '/*' do
  p "options hit"
  headers  "Access-Control-Allow-Headers" => "origin, x-requested-with, content-type"
    status 200
end

post '/' do
  p params.inspect
  headers \
    "Access-Control-Allow-Origin" => "*",
    "Access-Control-Allow-Methods" => "POST",
    "Access-Control-Allow-Headers" =>  "Content-Type",
    "Access-Control-Max-Age" => "86400"
  {:status => "error", :message => "no email"}.to_json
end

**all.js**

    // Contact form submission
    $(document).ready(function() {

        $('#contactForm').submit(function() {

            $.ajax({
                type: "POST",
                url: "http://localhost:4567/",
                data: $("#contactForm").serialize(),
                dataType: "json",

                success: function(msg) {
                    $("#formResponse").removeClass('error');
                    $("#formResponse").removeClass('success');
                    $("#formResponse").addClass(msg.status);
                    $("#formResponse").html(msg.message);

                },
                error: function() {
                    $("#formResponse").removeClass('success');
                    $("#formResponse").addClass('error');
                    $("#formResponse").html("There was an error submitting the form. Please try again.");
                }
            });
        });
    });

output

    › ruby contact.rb
== Sinatra/1.4.5 has taken the stage on 4567 for development with backup from Thin
Thin web server (v1.6.2 codename Doc Brown)
Maximum connections set to 1024
Listening on localhost:4567, CTRL+C to stop
"options hit"
127.0.0.1 - - [21/Jul/2014 11:34:59] "OPTIONS / HTTP/1.1" 200 - 0.0059

browser requests

Remote Address:127.0.0.1:80
Request URL:http://cooldevops.dev/
Request Method:POST
Status Code:405 Method Not Allowed
Request Headersview source
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8,nl;q=0.6
Cache-Control:max-age=0
Connection:keep-alive
Content-Length:16
Content-Type:application/x-www-form-urlencoded
Host:cooldevops.dev
Origin:http://cooldevops.dev
Referer:http://cooldevops.dev/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Form Dataview sourceview URL encoded
email:
mailbody:
Response Headersview source
Connection:keep-alive
Content-Length:19
Content-Type:text/plain
Date:Wed, 16 Jul 2014 12:47:06 GMT
X-Cascade:pass

EDIT

I get the error using safari/chrome. When using curl it seems to work. So it's getting even more weird.

2.0.0-p247 in gtheys/
› curl -v -X POST http://localhost:4567
* Adding handle: conn: 0x7f8efc815000
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7f8efc815000) send_pipe: 1, recv_pipe: 0
* About to connect() to localhost port 4567 (#0)
*   Trying ::1...
*   Trying fe80::1...
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 4567 (#0)
> POST / HTTP/1.1
> User-Agent: curl/7.30.0
> Host: localhost:4567
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: text/html;charset=utf-8
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: POST
< Access-Control-Allow-Headers: Content-Type
< Access-Control-Max-Age: 86400
< Content-Length: 39
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< Connection: keep-alive
* Server thin 1.6.2 codename Doc Brown is not blacklisted
< Server: thin 1.6.2 codename Doc Brown
<
* Connection #0 to host localhost left intact
{"status":"error","message":"no email"}%
sideshowbarker
  • 81,827
  • 26
  • 193
  • 197
gtheys
  • 501
  • 3
  • 19

2 Answers2

1

It was not CORS that was the problem. But my crappy jquery implementation. So make sure you don't copy it!

gtheys
  • 501
  • 3
  • 19
0

As per the docs on Setting Body, Status Code and Headers:

Similar to the body, you can also set the status code and headers:

get '/foo' do
  status 418
  headers \
    "Allow"   => "BREW, POST, GET, PROPFIND, WHEN",
    "Refresh" => "Refresh: 20; http://www.ietf.org/rfc/rfc2324.txt"
  body "I'm a tea pot!"
end

It's headers not response.headers.

You can also set the headers via the response value from a block, see Return Values.

ian
  • 12,003
  • 9
  • 51
  • 107
  • 1
    That was one of the first ones I tried :) and it generates the same issue: HTTP/1.1 405 Method Not Allowed – gtheys Jul 20 '14 at 09:03
  • Perhaps it's a Rack::Protection setting then, have a look at http://stackoverflow.com/q/10509774/335847 and see if any of those answers help. – ian Jul 20 '14 at 11:11
  • 1
    I already tried that. But I only get the error when using the browser. When I use curl it works correctly... – gtheys Jul 21 '14 at 08:15
  • @gtheys what about this one where a Chrome extension is whitelisted? http://stackoverflow.com/a/14532270/335847 – ian Jul 21 '14 at 21:53
  • 1
    Searched and tried everything that I could find on google/stackoverflow. But kept on debugging and think I found the problem. IT's not sinatra that has the problem. But the I use anvil for mac to run static websites. This webserver seems to close the connection before sinatra can send a reply back. I will try to use another webserver for the static site with the contact form. – gtheys Jul 23 '14 at 09:33