通过CORS策略允许任何内容
通过CORS策略允许任何内容
提问于 2013-07-25 20:35:08
如何关闭cors?由于某种原因,我去掉了允许的源和头,但是我的ajax请求仍然抱怨CORS策略不允许这个源……
我的应用程序控制器:
class ApplicationController < ActionController::Base
protect_from_forgery
before_filter :current_user, :cors_preflight_check
after_filter :cors_set_access_control_headers
# For all responses in this controller, return the CORS access control headers.
def cors_set_access_control_headers
headers['Access-Control-Allow-Origin'] = '*'
headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'
headers['Access-Control-Allow-Headers'] = '*'
headers['Access-Control-Max-Age'] = "1728000"
end
# If this is a preflight OPTIONS request, then short-circuit the
# request, return only the necessary headers and return an empty
# text/plain.
def cors_preflight_check
if request.method == :options
headers['Access-Control-Allow-Origin'] = '*'
headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'
headers['Access-Control-Allow-Headers'] = '*'
headers['Access-Control-Max-Age'] = '1728000'
render :text => '', :content_type => 'text/plain'
end
end
private
# get the user currently logged in
def current_user
@current_user ||= User.find(session[:user_id]) if session[:user_id]
end
helper_method :current_user
end路由:
match "*all" => "application#cors_preflight_check", :constraints => { :method => "OPTIONS" }
match "/alert" => "alerts#create"
match "/alerts" => "alerts#get"
match "/login" => "sessions#create"
match "/logout" => "sessions#destroy"
match "/register" => "users#create"编辑
我也试过了:
config.middleware.use Rack::Cors do
allow do
origins '*'
resource '*',
:headers => :any,
:methods => [:get, :post, :delete, :put, :options]
end
end在application.rb中
--编辑2-
问题是我认为Chrome扩展可能不支持CORS。如何绕过CORS获取信息?我应该如何回应印前检查?
回答 8
Stack Overflow用户
回答已采纳
发布于 2013-08-14 15:27:58
我对使用rails-api的公共API也有同样的要求。
我还在一个before过滤器中设置了header。它看起来是这样的:
headers['Access-Control-Allow-Origin'] = '*'
headers['Access-Control-Allow-Methods'] = 'POST, PUT, DELETE, GET, OPTIONS'
headers['Access-Control-Request-Method'] = '*'
headers['Access-Control-Allow-Headers'] = 'Origin, X-Requested-With, Content-Type, Accept, Authorization'您似乎错过了Access-Control-Request-Method标头。
Stack Overflow用户
发布于 2013-07-25 20:38:36
看一看rack-cors中间件。它将以可配置的方式处理CORS标头。
Stack Overflow用户
发布于 2017-06-18 19:44:58
只需添加rack-cors gem https://rubygems.org/gems/rack-cors/versions/0.4.0即可
第一步:将gem添加到Gemfile中:
gem 'rack-cors', :require => 'rack/cors'然后保存并运行bundle install
第二步:通过添加以下内容更新您的config/application.rb文件:
config.middleware.insert_before 0, Rack::Cors do
allow do
origins '*'
resource '*', :headers => :any, :methods => [:get, :post, :options]
end
end如果你不使用Rails5,你可以去https://github.com/cyu/rack-cors获取更多细节。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/17858178
复制相关文章
相似问题