-1

I am creating a new application with Rails 7. I would like to add a way for the user to sign up via Steam. I used the code which works on Rails 6, but on Rails 7 I receive an error.

```
Access to fetch at 'https://steamcommunity.com/openid/login?openid.ax.theKeyIamHidingforStackOverflow'
(redirected from 'http://localhost:3000/auth/Steam')
from origin 'http://localhost:3000' has been blocked by
CORS policy: Response to preflight request doesn't pass access control
check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
If an opaque response serves your needs, set the
request's mode to 'no-cors' to fetch the resource with CORS disabled.
```

Clicking on https://steamcommunity.com/openid/login?fooBar, I get to Steam, am redirected back to my app, and am signed in. I tried to set CORS in config/initializers/cors.rb like:

```ruby
Rails.application.config.middleware.insert_before 0, Rack::Cors do
  allow do
    origins 'https://steamcommunity.com'
    resource '*', headers: :any, methods: [:get, :post]
  end
end
```

But this does not work. Do I need to allow the visit of third party websites before I try to redirect to them?

Did something change in Rails 7 to protect redirects?

This is the post to the server:

```haml
= form_tag '/auth/Steam', method: :post do
  = submit_tag 'Steam'
```

Best Regards

Dennis

DenicioCode

1 Answer

0

The answer to this is that we need to stop Turbo from making an Ajax request, by using the form like this:

```haml
= form_tag '/auth/steam', method: :post, data: { turbo: false } do
  = submit_tag 'Steam'
```

This form contains data: { turbo: false }, which disables Turbo.

  • As it’s currently written, your answer is unclear. Please [edit] to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Aug 08 '22 at 18:28
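Why the rack-cors initializer in the question has no effect on this error while the `data: { turbo: false }` form does, shown as a simplified model added here (not part of the original question or answer, and not real browser or Turbo code). The redirect chain, header values and function names are constructed for illustration; it assumes the form is submitted with fetch, as the "Access to fetch" error indicates.

```javascript
// Simplified model of how a browser treats a redirect chain.
// All hops and header values below are constructed sample data.
const APP = 'http://localhost:3000';

function originOf(url) {
  return new URL(url).origin;
}

// mode 'navigate' = ordinary form submission (form rendered with turbo: false)
// mode 'cors'     = fetch() issued by page script on behalf of the form
function followRedirects(mode, pageOrigin, hops) {
  for (const hop of hops) {
    const crossOrigin = originOf(hop.url) !== pageOrigin;
    if (mode === 'cors' && crossOrigin) {
      // The check reads the header on the *target's* response only.
      const acao = hop.headers['access-control-allow-origin'];
      if (acao !== '*' && acao !== pageOrigin) {
        return { ok: false, blockedAt: hop.url };
      }
    }
    if (hop.status < 300 || hop.status >= 400) {
      return { ok: true, finalUrl: hop.url };
    }
  }
  return { ok: false, blockedAt: null }; // chain ended on a redirect
}

// Hop 1 is the app's own endpoint; whatever CORS header the app puts on it
// is never consulted, because that hop is same-origin for the page.
// Hop 2 is the provider's response, which the app cannot add headers to.
const chain = [
  { url: APP + '/auth/Steam', status: 302,
    headers: { 'access-control-allow-origin': '*' } },
  { url: 'https://steamcommunity.com/openid/login', status: 200, headers: {} },
];

function demo() {
  return {
    scriptFetch: followRedirects('cors', APP, chain),
    plainForm: followRedirects('navigate', APP, chain),
  };
}

console.log(demo());
```

The model leaves out preflight requests and credentials; the point it isolates is which response the `Access-Control-Allow-Origin` check is applied to.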