
Re: [NYC-rb] CSRF Problem with React App (localhost:8080) with Facebook authentication via Rails API (localhost:3000) with Omniauth, Rack-cors

From: Dan J.
Sent on: Friday, June 26, 2015, 9:47 PM
It looks like neither Facebook nor Twitter (just found an article about this), and possibly Google, supports CORS. It means that Omniauth can only be used as server-side auth if client and server are on the same domain.

I would need to develop a React component for each login.


On Fri, Jun 26, 2015 at 9:42 PM, Yung H Kwon <[address removed]> wrote:
Hi Dan,

Normally, OAuth, where a User must enter their credentials and grant access, is a redirect process and not suited for XHR-based flows. And this could explain why `www.facebook.com/dialog/oauth` does not support CORS, since it's not supposed to be used in this manner.

While I don't know if Facebook supports an XHR-based authentication, it seems that the omniauth gem you are using may not be configured for this type of use.


On Fri, Jun 26, 2015 at 9:01 PM, Dan <[address removed]> wrote:
I'm calling from the React client with ajax to /auth/facebook, which is the route provided by Omniauth. Omniauth should call Facebook login and return to /auth/facebook/callback where I pick up.


Best,
Yung


--
* * *
damncarousel
yung.kwon@ | damncarousel.com | github.com/nowk
o. 646/462/3829
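
Added example, not part of the original thread: a simplified model of the browser's CORS check applied to each hop of the redirect chain discussed above, showing where an XHR to /auth/facebook gets blocked. It assumes rack-cors on localhost:3000 allows the localhost:8080 origin, uses a placeholder client_id, and models a non-credentialed GET only (no preflight, no cookies).

```javascript
// Simplified model of the Fetch-spec CORS check across a redirect chain.
const originOf = (url) => new URL(url).origin;

// hops: [{ url, status, headers }] in the order the browser would fetch them.
function corsVerdict(requestOrigin, hops) {
  let cors = false;    // true once any hop is cross-origin to the page
  let tainted = false; // Fetch's "tainted origin": Origin is then sent as "null"
  for (const hop of hops) {
    const hopOrigin = originOf(hop.url);
    if (hopOrigin !== requestOrigin) cors = true;
    if (cors) {
      const originSent = tainted ? "null" : requestOrigin;
      const acao = hop.headers["access-control-allow-origin"];
      // Every response in the chain, redirects included, must pass the check.
      if (acao !== "*" && acao !== originSent) {
        return { allowed: false, blockedAt: hop.url, originSent };
      }
    }
    const location = hop.headers["location"];
    if (hop.status >= 300 && hop.status < 400 && location) {
      const next = new URL(location, hop.url).href;
      // A cross-origin hop redirecting to yet another origin taints the origin.
      if (cors && originOf(next) !== hopOrigin && hopOrigin !== requestOrigin) {
        tainted = true;
      }
    }
  }
  return { allowed: true, blockedAt: null, originSent: tainted ? "null" : requestOrigin };
}

// Constructed sample chain: React client -> Rails API -> Facebook dialog.
const CLIENT = "http://localhost:8080";
const FB_DIALOG = "https://www.facebook.com/dialog/oauth?client_id=APP_ID_PLACEHOLDER";
const xhrChain = [
  { url: "http://localhost:3000/auth/facebook", status: 302,
    headers: { "access-control-allow-origin": CLIENT, "location": FB_DIALOG } },
  { url: FB_DIALOG, status: 200, headers: {} }, // no CORS headers on the dialog
];

console.log(corsVerdict(CLIENT, xhrChain));
```

A top-level navigation to /auth/facebook is not subject to this check, which is why the redirect flow works when the browser navigates instead of issuing an XHR.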




--
This message was sent by Yung H Kwon ([address removed]) from NYC.rb.