Ruby-on-rails 请求的资源上不存在“Access-Control-Allow-Origin”标头
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/21709790/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
No 'Access-Control-Allow-Origin' header is present on the requested resource
提问by harshit
I am using omniauth-facebook with AngularJS and CORS is not working correctly .
我正在将 omniauth-facebook 与 AngularJS 一起使用,但 CORS 无法正常工作。
My omniauth.rb is
我的 omniauth.rb 是
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook,"xxxxx", "xxxxx",
:scope => 'email,user_birthday,read_stream', :display => 'popup'
end
Everything works if i use it as rails app and request. But when i try to call 'http:\localhost:3000\users\auth\facebook" via Angular JS
如果我将它用作 rails 应用程序和请求,一切正常。但是当我尝试通过 Angular JS 调用“http:\localhost:3000\users\auth\facebook”时
$http.get('/users/auth/facebook').success(function(data, status, headers, config) {
console.log("back in success");
}).
error(function(data, status, headers, config) {
});
}
i see following error in JS console
我在 JS 控制台中看到以下错误
XMLHttpRequest cannot load https://www.facebook.com/dialog/oauth?client_id=xxxx&display=popup…thday%2Cread_stream&state=3352c1924bdbc9277f7b1070c38d67acf79b529f198323cb. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin
'http://localhost:3000'is therefore not allowed access.
XMLHttpRequest 无法加载 https://www.facebook.com/dialog/oauth?client_id=xxxx&display=popup...thday%2Cread_stream&state=3352c1924bdbc9277f7b1070c38d67acf79b529f198323cb。请求的资源上不存在“Access-Control-Allow-Origin”标头。
'http://localhost:3000'因此不允许访问Origin 。
(The url is not displayed completely in console)
(url在控制台中没有完全显示)
I added following line
我添加了以下行
config.middleware.insert_before Warden::Manager, Rack::Cors
but also this didn't work .
但这也不起作用。
What is the best way or how can i override headers for OmniAuth ?
什么是最好的方法或如何覆盖 OmniAuth 的标头?
I am using Angularjs and gem devise ,omniauth-facebook
我正在使用 Angularjs 和 gem 设计,omniauth-facebook
回答by miguelr
Since you are on your development environment you may want to try a workaround, by allowing you browser to run in a non-secure mode.
由于您处于开发环境中,因此您可能想尝试一种解决方法,即允许浏览器在非安全模式下运行。
For Chrome on Windows, from CMD try:
对于 Windows 上的 Chrome,从 CMD 尝试:
> cd C:\Program Files (x86)\Google\Chrome\Application
> chrome.exe --user-data-dir="C:/Chrome dev session" --disable-web-security
The --disable-web-securityflag will allow you to make cross domain requests. The --user-data-dirflag will allow you to open a new session onlyfor development.
该--disable-web-security标志将允许您进行跨域请求。该--user-data-dir标志将允许您仅为开发打开一个新会话。
This is just a workaround for you development work! Don't use this in production or navigate to other sites in this session!
这只是您开发工作的解决方法!不要在生产中使用它或在此会话中导航到其他站点!
回答by Nick Karpov
The issue is Javascript cannot make cross-domain requests. This is done for security reasons so that a script cannot call a remote server and expose sensitive data.
问题是 Javascript 无法进行跨域请求。这样做是出于安全原因,因此脚本无法调用远程服务器并暴露敏感数据。
Below is a link to a very good and simple explanation with a few options on how to get around it:
下面是一个非常好的简单解释的链接,其中包含一些有关如何解决它的选项:
http://developer.yahoo.com/javascript/howto-proxy.html
http://developer.yahoo.com/javascript/howto-proxy.html
And here is a previous answer which has some good information as well:
这是以前的答案,其中也有一些很好的信息:
Why am I seeing an "origin is not allowed by Access-Control-Allow-Origin" error here?
回答by realwol
Set 'Access-Control-Allow-Origin' in server will make the track.
Like:
ruby
headers['Access-Control-Allow-Origin'] = '*'
In rails.
在服务器中设置“Access-Control-Allow-Origin”将进行跟踪。比如:
ruby
headers['Access-Control-Allow-Origin'] = '*'
在轨道上。
回答by rk1729
The problem is you are getting the data from the httpssecure site that is facebook to your site which is httpso the latest browsers are not supporting cross allow origin.
问题是您正在从https安全站点 facebook获取数据到您的站点,http因此最新的浏览器不支持交叉允许来源。
The only solution is make your site support https.
唯一的解决方案是让您的网站支持https。
回答by chrichar
In your ApplicationController.rb add
在您的 ApplicationController.rb 添加
def set_access_control_headers
headers['Access-Control-Allow-Origin'] = 'http://localhost:3000'
end
回答by Ajeet Lakhani
For CORS you have to whitelist the domain you want to access from cross origin request on the server side
对于 CORS,您必须将要从服务器端跨源请求访问的域列入白名单
headers['Access-Control-Allow-Origin'] = '*'
//star will allow all the domain you can specify also which url u want to access
on the client side,you have to set the header in config() as
在客户端,您必须将 config() 中的标头设置为
$httpProvider.defaults.xsrfHeaderName = 'X-CSRFToken';
$httpProvider.defaults.headers.common['X-Requested-With'] = 'XMLHttpRequest';
回答by radhika gavali
some times that problem occurs because of browser.IE by default allow cross origin request. In chrome you will required to add one plugin that is "Allow-Control-Allow-Origin: *"and enabled it.
有时这个问题是因为 browser.IE 默认允许跨源请求。在 chrome 中,您需要添加一个插件“Allow-Control-Allow-Origin: *”并启用它。
回答by BWStearns
If they don't have the header set then you can't force them to have the headers. Perhaps you should look at using JSONP. However, mirroring through the server wouldn't be all that bad since you'll only have to deal with it at most once per visit, and more than likely once per user since so few people ever delete cookies.
如果他们没有设置标题,那么您不能强迫他们设置标题。也许您应该考虑使用JSONP。但是,通过服务器进行镜像并不会那么糟糕,因为每次访问最多只需要处理一次,并且每个用户很可能只需要处理一次,因为很少有人会删除 cookie。
