如何在 Rails 4 个 App 中启用 CORS
How to enable CORS in Rails 4 App
我正要把我的头发拔出来...我从早上开始就一直在尝试在此 Rails 应用程序中启用 CORS,但它不起作用。我试了 this, using Rack Cors Gem, this answer and this post 都没有成功。
有人能指出我正确的方向吗?
这是我的 js:
var req = new XMLHttpRequest();
if ('withCredentials' in req) {
// req.open('GET', "https://api.github.com/users/mralexgray/repos", true);
req.open('GET', "http://www.postcoder.lc/postcodes/" + value, true);
// Just like regular ol' XHR
req.onreadystatechange = function() {
if (req.readyState === 4) {
if (req.status >= 200 && req.status < 400) {
// JSON.parse(req.responseText) etc.
console.log(req.responseText);
} else {
// Handle error case
}
}
};
req.send();
}
当我尝试此 url(来自外部客户端)时:https://api.github.com/users/mralexgray/repos 工作正常,我假设问题出在我的 Rails API 上。我错了吗?
编辑:目前我的控制器中有这个:
skip_before_filter :verify_authenticity_token
before_filter :cors_preflight_check
after_filter :cors_set_access_control_headers
# For all responses in this controller, return the CORS access control headers.
def cors_set_access_control_headers
headers['Access-Control-Allow-Origin'] = '*'
headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'
headers['Access-Control-Max-Age'] = "1728000"
end
# If this is a preflight OPTIONS request, then short-circuit the
# request, return only the necessary headers and return an empty
# text/plain.
def cors_preflight_check
headers['Access-Control-Allow-Origin'] = '*'
headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'
headers['Access-Control-Allow-Headers'] = 'X-Requested-With, X-Prototype-Version'
headers['Access-Control-Max-Age'] = '1728000'
end
你应该使用rack cors
它提供了一个很好的 DSL,可以在您的 config/application.rb 中使用,而不是凌乱的 header 工作和过滤器之前。
一个非常宽容的如下,当然,你还得稍微调整一下。
use Rack::Cors do
allow do
origins '*'
resource '*', headers: :any, methods: :any
end
end
Rack::Cors 提供对跨源资源共享的支持
启用 rackcors 的步骤:
将此 gem 添加到您的 Gemfile:
gem 'rack-cors'
将下面的代码添加到config/application.rb
如果您正在使用 Rails 3/4:
config.middleware.insert_before 0, "Rack::Cors" do
allow do
origins '*'
resource '*', :headers => :any, :methods => :any
end
end
如果您使用的是Rails 5:
config.middleware.insert_before 0, Rack::Cors do
allow do
origins '*'
resource '*', headers: :any, methods: :any
end
end
以下是对我有用的方法:
将此添加到 Gemfile:gem 'rack-cors' 然后 bundle install
创建一个新文件/config/initializers/cors.rb
在文件中放置以下内容:
Rails.application.config.middleware.insert_before 0, Rack::Cors do
allow do
origins '*'
resource '*', headers: :any, methods: [:get, :post, :patch, :put]
end
end
就是这样!
仅供参考,说明直接来自 here
我正要把我的头发拔出来...我从早上开始就一直在尝试在此 Rails 应用程序中启用 CORS,但它不起作用。我试了 this, using Rack Cors Gem, this answer and this post 都没有成功。
有人能指出我正确的方向吗?
这是我的 js:
var req = new XMLHttpRequest();
if ('withCredentials' in req) {
// req.open('GET', "https://api.github.com/users/mralexgray/repos", true);
req.open('GET', "http://www.postcoder.lc/postcodes/" + value, true);
// Just like regular ol' XHR
req.onreadystatechange = function() {
if (req.readyState === 4) {
if (req.status >= 200 && req.status < 400) {
// JSON.parse(req.responseText) etc.
console.log(req.responseText);
} else {
// Handle error case
}
}
};
req.send();
}
当我尝试此 url(来自外部客户端)时:https://api.github.com/users/mralexgray/repos 工作正常,我假设问题出在我的 Rails API 上。我错了吗?
编辑:目前我的控制器中有这个:
skip_before_filter :verify_authenticity_token
before_filter :cors_preflight_check
after_filter :cors_set_access_control_headers
# For all responses in this controller, return the CORS access control headers.
def cors_set_access_control_headers
headers['Access-Control-Allow-Origin'] = '*'
headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'
headers['Access-Control-Max-Age'] = "1728000"
end
# If this is a preflight OPTIONS request, then short-circuit the
# request, return only the necessary headers and return an empty
# text/plain.
def cors_preflight_check
headers['Access-Control-Allow-Origin'] = '*'
headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'
headers['Access-Control-Allow-Headers'] = 'X-Requested-With, X-Prototype-Version'
headers['Access-Control-Max-Age'] = '1728000'
end
你应该使用rack cors
它提供了一个很好的 DSL,可以在您的 config/application.rb 中使用,而不是凌乱的 header 工作和过滤器之前。
一个非常宽容的如下,当然,你还得稍微调整一下。
use Rack::Cors do
allow do
origins '*'
resource '*', headers: :any, methods: :any
end
end
Rack::Cors 提供对跨源资源共享的支持
启用 rackcors 的步骤:
将此 gem 添加到您的 Gemfile:
gem 'rack-cors'
将下面的代码添加到config/application.rb
如果您正在使用 Rails 3/4:
config.middleware.insert_before 0, "Rack::Cors" do
allow do
origins '*'
resource '*', :headers => :any, :methods => :any
end
end
如果您使用的是Rails 5:
config.middleware.insert_before 0, Rack::Cors do
allow do
origins '*'
resource '*', headers: :any, methods: :any
end
end
以下是对我有用的方法:
将此添加到 Gemfile:
gem 'rack-cors'然后bundle install创建一个新文件
/config/initializers/cors.rb在文件中放置以下内容:
Rails.application.config.middleware.insert_before 0, Rack::Cors do
allow do
origins '*'
resource '*', headers: :any, methods: [:get, :post, :patch, :put]
end
end
就是这样!
仅供参考,说明直接来自 here