External registration


#1

I’m creating an app for a social network which of course requires a registration/login process. The network runs on a Rails server and provides an API for the registration.

However as I understand AngularJS doesn’t allow cross domain requests via the $http.post-function, so the app is not able to access the API. The only solution I’ve found so far is setting up a proxy for the requests, however this doesn’t seem too practical.

What would be the common way to include a registration form in the app?


#2

Try adding something like this in your config.xml to allow cross domain requests.

<access origin="*" />

Also, for testing in the browser, try out the Ripple extension for chrome. It will handle the proxying for you.


#3

This is actually quite a big thing to get working. I have the same setup with a rails server as the api.

There are two parts you need to handle. First there is the CSRF token that you need to pass along for it to work. And the second thing is to allow CORS on your rails server.

This is also not an issue in either Ionic or AngularJS as this is a restriction in the browser. And you need to handle this with the headers sent back on each response.

My solution is having a AngularBaseController that looks something like this:

class AngularBaseController < ActionController::Base
	protect_from_forgery
	before_filter :check_api_key
	before_filter :set_locale
	after_filter :set_csrf_cookie_for_ng


	def set_csrf_cookie_for_ng
	  cookies['XSRF-TOKEN'] = form_authenticity_token if protect_against_forgery?
	end


	def angular_response(model,options={})
		headers["Access-Control-Allow-Origin"] = "*"
    		headers["Access-Control-Allow-Methods"] = %w{GET POST PUT DELETE OPTIONS}.join(",")
  		headers["Access-Control-Allow-Headers"] = %w{Origin Accept Content-Type Authorization X-Requested-With X-XSRF-TOKEN X-CSRF-TOKEN x-xsrf-token x-csrf-token}.join(",")
		
		render json: model.as_json(options)
	end
end

Then you make sure that all your api-responses use the angular_response method.

You also need to have this in your application_controller.rb

  def cor
    headers["Access-Control-Allow-Origin"] = "*"
    headers["Access-Control-Allow-Methods"] = %w{GET POST PUT DELETE OPTIONS}.join(",")
    headers["Access-Control-Allow-Headers"] = %w{Origin Accept Content-Type Authorization X-Requested-With X-XSRF-TOKEN X-CSRF-TOKEN x-xsrf-token x-csrf-token}.join(",")
    head(:ok) if request.request_method == "OPTIONS"
  end

And then a route for all OPTIONS calls to be routed to the cor method: routes.rb

match '*all' => 'application#cor', :constraints => {:method => 'OPTIONS'}

Then you should be all set. However, I strongly suggest that you implement a token authentication method so that you pass along a unique token for each request that the server has given you in the previous request.

A bit off topic, but felt that this is a very common problem and I spent days trying to find a solution that works.

Best of luck!
//Anders