Ruby-on-rails CORS - 通过允许服务器上的 Origin 实现没有 JSONP 的跨域 AJAX
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/17318426/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
CORS - Cross-Domain AJAX Without JSONP By Allowing Origin On Server
提问by darksky
I have two separate apps on the same server, with the EmberJS one trying to do cross-domain calls to my backend API.
我在同一台服务器上有两个独立的应用程序,其中一个 EmberJS 试图对我的后端 API 进行跨域调用。
I set up my backend API to allow cross-domain requests from that specific origin. Is there a way however, to avoid using JSONP with such a set up? $.ajaxis blocking cross-domain requests before they ever get sent. If not, what is the point of CORS, which server-side I had implemented to accept requests from my JS front-end source?
我设置了后端 API 以允许来自该特定来源的跨域请求。但是,有没有办法避免在这样的设置中使用 JSONP?$.ajax在发送之前阻止跨域请求。如果不是,CORS 的意义是什么,我实现了哪个服务器端来接受来自我的 JS 前端源的请求?
EDIT
编辑
AJAX request:
AJAX 请求:
$.ajax({
url: "api.lvh.me:3000/accounts/login",
data: cred,
type: "POST",
xhrFields: {
withCredentials: true
},
success: function(response){
alert('succeeded!');
console.log(response);
alert(response);
},
failure: function(message){
alert("failed");
console.log(message);
alert(message);
}
});
回答by Balaji Sivanath
There is no need to use JSONP if you enable CORS.
如果启用 CORS,则无需使用 JSONP。
Access-Control-Allow-Origin: http://www.example.com
if this header is set in the response, then normal XmlHttpRequest will be able to access the response as if it is like same domain. Check whether this header is set correctly.
如果在响应中设置了这个标头,那么普通的 XmlHttpRequest 将能够访问响应,就好像它就像同一个域一样。检查此标题是否设置正确。
I hope that this link will help you if you are using jquery A CORS POST request works from plain javascript, but why not with jQuery?
如果您使用的是 jquery,我希望此链接对您有所帮助。 CORS POST 请求可通过普通 javascript 工作,但为什么不使用 jQuery?
Update: Example
更新:示例
var xmlhttp= new XMLHttpRequest();
var url="https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS?redirectlocale=en-US&redirectslug=HTTP_access_control";
xmlhttp.open("GET",url,false);
xmlhttp.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");
xmlhttp.send();
Try this in any domain, you will get response.
在任何域中尝试此操作,您都会得到响应。
Update solution:
更新解决方案:
Request url without "http://" caused the problem, prepending "http://" solved the issue
没有“http://”的请求 url 导致了问题,在前面加上“http://”解决了这个问题
回答by Lorem Ipsum Dolor
You can use rack-corsin Rails 5, to set it to allow all URLs.
您可以rack-cors在Rails 5 中使用,将其设置为允许所有 URL。
Rails.application.config.middleware.insert_before 0, Rack::Cors do
allow do
origins '*'
resource '*', headers: :any, methods: [
:get, :post, :put, :patch, :delete, :options, :head
]
end
end
回答by Leon Rom
In cross-domain environment I suggest to use JSONP instead CORS becase many free hosts does not support cross-domain CORS. It is detailed in working examples- both JSONP and CORS.
在跨域环境中,我建议使用 JSONP 代替 CORS,因为许多免费主机不支持跨域 CORS。它在工作示例中有详细说明- JSONP 和 CORS。
