Ruby-on-rails 如何在 Rails 4 App 中启用 CORS
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/29751115/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to enable CORS in Rails 4 App
提问by WagnerMatosUK
I'm just about to pull my hair out... I've been trying to enable CORS in this Rails app since the morning and it just doesn't work. I've tried this, using Rack Cors Gem, this answerand this postall without success.
我正准备拔头发……从早上开始我就一直在尝试在这个 Rails 应用程序中启用 CORS,但它不起作用。我已经尝试过这个,使用 Rack Cors Gem,这个答案和这个帖子都没有成功。
Can someone point me in the right direction?
有人可以指出我正确的方向吗?
Here's my js:
这是我的js:
var req = new XMLHttpRequest();
if ('withCredentials' in req) {
// req.open('GET', "https://api.github.com/users/mralexgray/repos", true);
req.open('GET', "http://www.postcoder.lc/postcodes/" + value, true);
// Just like regular ol' XHR
req.onreadystatechange = function() {
if (req.readyState === 4) {
if (req.status >= 200 && req.status < 400) {
// JSON.parse(req.responseText) etc.
console.log(req.responseText);
} else {
// Handle error case
}
}
};
req.send();
}
When I try this url (from an external client): https://api.github.com/users/mralexgray/reposthat works ok, I'm assuming the problem is with my Rails API. Am I wrong?
当我尝试这个 url(来自外部客户端):https: //api.github.com/users/mralexgray/repos工作正常时,我假设问题出在我的 Rails API 上。我错了吗?
EDIT: Currently I have this in my controller:
编辑:目前我的控制器中有这个:
skip_before_filter :verify_authenticity_token
before_filter :cors_preflight_check
after_filter :cors_set_access_control_headers
# For all responses in this controller, return the CORS access control headers.
def cors_set_access_control_headers
headers['Access-Control-Allow-Origin'] = '*'
headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'
headers['Access-Control-Max-Age'] = "1728000"
end
# If this is a preflight OPTIONS request, then short-circuit the
# request, return only the necessary headers and return an empty
# text/plain.
def cors_preflight_check
headers['Access-Control-Allow-Origin'] = '*'
headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'
headers['Access-Control-Allow-Headers'] = 'X-Requested-With, X-Prototype-Version'
headers['Access-Control-Max-Age'] = '1728000'
end
回答by apneadiving
You should use rack cors
你应该使用机架 cors
It provides a nice DSL, to use in your config/application.rb, instead of the messy header work and before filters.
它提供了一个很好的 DSL,可以在你的config/application.rb, 而不是凌乱的标题工作和过滤器之前使用。
A very permissive would be as follows, but of course, you'll have to tailor it a bit.
一个非常宽松的方法如下,但当然,你必须稍微调整一下。
use Rack::Cors do
allow do
origins '*'
resource '*', headers: :any, methods: :any
end
end
回答by errakeshpd
Rack::Corsprovides support for Cross-Origin Resource Sharing
Rack::Cors支持跨域资源共享
Steps to enable rackcors :
启用rackcors的步骤:
1.add gem to your Gemfile:
1.将 gem 添加到您的Gemfile 中:
gem 'rack-cors'
2.Add below code to config/application.rb
2.将以下代码添加到config/application.rb
# if you are using Rails 3/4
config.middleware.insert_before 0, "Rack::Cors" do
allow do
origins '*'
resource '*', :headers => :any, :methods => :any
end
end
# if you are using Rails 5
config.middleware.insert_before 0, Rack::Cors do
allow do
origins '*'
resource '*', headers: :any, methods: :any
end
end
