2

使用我在 jsfiddle 上找到的一些代码,我正在尝试从我的 rails 应用程序加载模型 iFrame。 http://jsfiddle.net/f2Fcd/

我认为跨站点脚本正在阻止它。我怎样才能解决这个问题?

资产/javascript/batch_details.js

$('a.btn').on('click', function(e) {
  e.preventDefault();
  var url = $(this).attr('href');
  $(".modal-body").html('<iframe width="100%" height="100%" frameborder="0" scrolling="no" allowtransparency="true" src="'+url+'"></iframe>');
});

意见/batch_details/show.html.erb

<a data-toggle="modal" class="btn" href="http://www.bing.com" data-target="#myModal">click me</a>


<div class="modal hide fade" id="myModal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
  <div class="modal-header">
    <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
    <h3 id="myModalLabel">Modal header</h3>
  </div>
  <div class="modal-body">
  </div>
</div>

JavaScript 控制台中的错误消息

XMLHttpRequest cannot load http://www.bing.com/. Origin http://0.0.0.0:3000 is not allowed by Access-Control-Allow-Origin.

编辑

谢谢@amb110395 的评论。到目前为止没有运气。

添加到 batch_details_controller

before_filter :cors_preflight_check
  after_filter :cors_set_access_control_headers

  # For all responses in this controller, return the CORS access control headers.

  def cors_set_access_control_headers
    headers['Access-Control-Allow-Origin'] = '*'
    headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'
    headers['Access-Control-Max-Age'] = "1728000"
  end

  # If this is a preflight OPTIONS request, then short-circuit the
  # request, return only the necessary headers and return an empty
  # text/plain.

  def cors_preflight_check
    if request.method == :options
      headers['Access-Control-Allow-Origin'] = '*'
      headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'
      headers['Access-Control-Allow-Headers'] = 'X-Requested-With, X-Prototype-Version'
      headers['Access-Control-Max-Age'] = '1728000'
      render :text => '', :content_type => 'text/plain'
    end
  end

我已经发布了发送的请求(我也更改了网站):

Request URL:http://genome.ucsc.edu/cgi-bin/hgTracks?db=hg19&position=chr12:56360553-56366568
Request Headersview source
Accept:text/html, */*; q=0.01
Origin:http://0.0.0.0:3000
Referer:http://0.0.0.0:3000/batches/273/batch_details/7150
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.95 Safari/537.36
Query String Parametersview sourceview URL encoded
db:hg19
position:chr12:56360553-56366568

相同的错误:

XMLHttpRequest cannot load http://genome.ucsc.edu/cgi-bin/hgTracks?db=hg19&position=chr12:56360553-56366568. Origin http://0.0.0.0:3000 is not allowed by Access-Control-Allow-Origin.

编辑 2

纯粹出于沮丧,我还尝试注释掉protect_from_forgery,但没有奏效,并让我认为它可能是别的东西。有任何想法吗?

class ApplicationController < ActionController::Base
  #protect_from_forgery
  ....
4

0 回答 0