Ruby-on-rails 如何在rails下的webrick中设置access-control-allow-origin?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/2535454/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to set access-control-allow-origin in webrick under rails?
提问by brad
I have written a small rails app to serve up content to another site via xmlhttprequests that will be operating from another domain (it will not be possible to get them running on the same server). I understand I will need to set access-control-allow-origin on my rails server to allow the requesting web page to access this material.
我编写了一个小型 Rails 应用程序,通过 xmlhttprequests 将内容提供给另一个站点,这些站点将从另一个域中运行(不可能让它们在同一台服务器上运行)。我知道我需要在我的 rails 服务器上设置 access-control-allow-origin 以允许请求的网页访问此材料。
It seems fairly well documented how to do this with Apache and this is probably the server I will use once I deploy the site. While I am developing though I hope to just use webrick as I am used to doing with rails. Is there a way of configuring webrick to provide the appropriate http header within rails?
如何使用 Apache 执行此操作似乎有据可查,这可能是我部署站点后将使用的服务器。虽然我正在开发,但我希望只使用 webrick,就像我习惯使用 Rails 一样。有没有办法配置 webrick 以在 rails 中提供适当的 http 标头?
采纳答案by thomasfedb
If you're on Rails 2 just add this to your application contoller.
如果您使用的是 Rails 2,只需将其添加到您的应用程序控制器中即可。
before_filter :set_access
def set_access
@response.headers["Access-Control-Allow-Origin"] = "*"
end
Obviously changing "*"to something a little less open would be a good idea.
显然改变"*"一些不那么开放的东西是个好主意。
回答by Jared Fine
Rails 4 (http://edgeguides.rubyonrails.org/security.html#default-headers)
Rails 4 ( http://edgeguides.rubyonrails.org/security.html#default-headers)
In config/application.rb:
在 config/application.rb 中:
config.action_dispatch.default_headers.merge!({
'Access-Control-Allow-Origin' => '*',
'Access-Control-Request-Method' => '*'
})
回答by freemanoid
Rails 3.1
导轨 3.1
class ApplicationController < ActionController::Base
protect_from_forgery
after_filter :set_access_control_headers
def set_access_control_headers
headers['Access-Control-Allow-Origin'] = '*'
headers['Access-Control-Request-Method'] = '*'
end
end
回答by Peter Marklund
Rails 3.1 - using a controller after_filter did not work for me so I added a custom middleware instead:
Rails 3.1 - 使用控制器 after_filter 对我不起作用,所以我添加了一个自定义中间件:
In app/middleware/cors_middleware.rb:
在 app/middleware/cors_middleware.rb 中:
# For icons to work in Firefox with CDN
class CorsMiddleware
def initialize(app)
@app = app
end
def call(env)
status, headers, body = @app.call(env)
cors_headers = headers.merge({
'Access-Control-Allow-Origin' => '*',
'Access-Control-Request-Method' => '*'
})
[status, cors_headers, body]
end
end
In config/application.rb:
在 config/application.rb 中:
require File.join(Rails.root, "app", "middleware", "cors_middleware")
config.middleware.insert_before ActionDispatch::Static, CorsMiddleware # Need it early in the chain to work for assets
回答by grosser
Rails 2.3.8
导轨 2.3.8
before_filter :allow_cross_domain_access
def allow_cross_domain_access
response.headers["Access-Control-Allow-Origin"] = "*"
response.headers["Access-Control-Allow-Methods"] = "*"
end
回答by demisx
In case you want the solution as a Rack middleware gem: https://github.com/cyu/rack-cors
如果您希望将解决方案作为 Rack 中间件 gem:https: //github.com/cyu/rack-cors
![Ruby-on-rails before_filter :authenticate_user!, 除了: [:index] / Rails 4](/res/img/loading.gif)