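// Send cookies with cross-origin $http requests.
app.config(['$httpProvider', function($httpProvider) {
  $httpProvider.defaults.withCredentials = true;
}]);

The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'

# Respond with 401 when no authenticated user can be resolved from the cookie.
def authenticate_current_user
  head :unauthorized if get_current_user.nil?
end

def get_current_user
  return nil unless cookies[:auth_headers]

  auth_headers = JSON.parse(cookies[:auth_headers])
  expiration_datetime = DateTime.strptime(auth_headers["expiry"], "%s")
  current_user = User.find_by(uid: auth_headers["uid"])

  # Checks that the user exists, that the client id is a key in the user's
  # stored tokens, and that the expiry taken from the cookie is in the future.
  # The token value itself is not compared here.
  if current_user &&
     current_user.tokens.key?(auth_headers["client"]) &&
     expiration_datetime > DateTime.now
    @current_user = current_user
  end
  @current_user
rescue JSON::ParserError, TypeError, ArgumentError
  # A malformed or incomplete cookie is treated as unauthenticated.
  nil
end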