20

我无法将 Angular 前端与 Rails 后端 API 完全集成。它们都在不同的服务器上运行,所以我认为我在使用 CORS 时遇到了问题。

我的 Angular 应用程序正在运行一个控制器,该控制器正在调用具有查询 (GET) 和保存 (POST) 方法的资源的服务。查询(GET)工作正常,但帖子不起作用。

当我不发送任何参数时,我可以向服务器发送 POST 请求。像这样:

控制器:

$scope.createBusiness = function() {

        console.log("Business.name=" + $scope.business.name);           
        $scope.business = Business.save(); 
    };

服务:

 .factory('Business', 

  function($resource){          
    var businesses =
     $resource('http://127.0.0.1\\:3000/:business', {business:'businesses'}, {      
        query: {method:'GET', isArray: true},
        save: {method:'POST', isArray: false}
     });        
     return businesses;           
  }

);

但是,我想发布我的模型参数,所以当我尝试发送某些东西时,我不再发送 POST 请求,而是发送 OPTIONS 请求。我得到一个错误。

请在我发送不带参数的请求(POST 请求)时查看我的请求数据:

Request URL:http://127.0.0.1:3000/businesses
Request Method:POST
Status Code:200 OK
Request Headersview source
Accept:application/json, text/plain, */*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:es-ES,es;q=0.8
Connection:keep-alive
Content-Length:0
Content-Type:text/plain;charset=UTF-8
Host:127.0.0.1:3000
Origin:http://localhost:1234
Referer:http://localhost:1234/app/index.html
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36
Response Headersview source
Access-Control-Allow-Headers:Origin, X-Requested-With, Content-Type, Accept, Authorization
Access-Control-Allow-Methods:POST, PUT, DELETE, GET, OPTIONS
Access-Control-Allow-Origin:*
Access-Control-Max-Age:1728000
Access-Control-Request-Method:*
Cache-Control:max-age=0, private, must-revalidate
Connection:Keep-Alive
Content-Length:9
Content-Type:application/json; charset=utf-8
Date:Mon, 04 Nov 2013 16:50:33 GMT
Etag:"ccd3d779b6f97e2c24633184cbc8f98c"
Server:WEBrick/1.3.1 (Ruby/2.0.0/2013-06-27)
X-Content-Type-Options:nosniff
X-Frame-Options:SAMEORIGIN
X-Request-Id:e084295e-c7c6-4566-80d1-6e2a8ac2e712
X-Runtime:0.034000
X-Ua-Compatible:chrome=1
X-Xss-Protection:1; mode=block

我到达服务器,执行方法并获得响应!还行吧。

并且,当我发送带参数的请求(OPTIONS 请求)时查看我的请求数据

Request URL:http://127.0.0.1:3000/businesses
Request Method:OPTIONS
Status Code:404 Not Found
Request Headersview source
Accept:*/*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:es-ES,es;q=0.8
Access-Control-Request-Headers:accept, content-type
Access-Control-Request-Method:POST
Connection:keep-alive
Host:127.0.0.1:3000
Origin:http://localhost:1234
Referer:http://localhost:1234/app/index.html
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36
Response Headersview source
Connection:Keep-Alive
Content-Length:131852
Content-Type:text/html; charset=utf-8
Date:Mon, 04 Nov 2013 16:54:04 GMT
Server:WEBrick/1.3.1 (Ruby/2.0.0/2013-06-27)
X-Request-Id:25705159-fbfb-4830-a0f1-6610fa09b70e
X-Runtime:0.371000

更新

添加模型参数时忘记添加控制器:

$scope.createBusiness = function() {

        console.log("Business.name=" + $scope.business.name);           
        $scope.business = Business.save($scope.business); 
    };

我有几个视图,有几个表单,所以,我不想只发布一个表单,而是我在范围内的业务对象模型(并且我填写了所有表单的数据)。

更新

这是我的 Rails Application_Controller(CORS 配置):

class ApplicationController < ActionController::Base


 # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  # OJOJOOJO: Rober: I have commented this line which is provided by default with rails and added all code below in order to 
  # add CSRF protection 
  #protect_from_forgery with: :exception

  protect_from_forgery

  before_filter :cors_preflight_check
  after_filter :cors_set_access_control_headers, :set_csrf_cookie_for_ng

# For all responses in this controller, return the CORS access control headers.

  def cors_set_access_control_headers
    headers['Access-Control-Allow-Origin'] = '*'
    headers['Access-Control-Allow-Methods'] = 'POST, PUT, DELETE, GET, OPTIONS'
    headers['Access-Control-Request-Method'] = '*'
    headers['Access-Control-Allow-Headers'] = 'Origin, X-Requested-With, Content-Type, Accept, Authorization'
    headers['Access-Control-Max-Age'] = "1728000"
  end

# If this is a preflight OPTIONS request, then short-circuit the
# request, return only the necessary headers and return an empty
# text/plain.

  def cors_preflight_check
    if request.method == :options
      headers['Access-Control-Allow-Origin'] = '*'
      headers['Access-Control-Allow-Methods'] = 'POST, PUT, DELETE, GET, OPTIONS'
      headers['Access-Control-Request-Method'] = '*'
      headers['Access-Control-Allow-Headers'] = 'Origin, X-Requested-With, Content-Type, Accept, Authorization'
      headers['Access-Control-Max-Age'] = '1728000'
      render :text => '', :content_type => 'text/plain'
    end
  end

  def set_csrf_cookie_for_ng
    cookies['XSRF-TOKEN'] = form_authenticity_token if protect_against_forgery?
  end

protected

  def verified_request?
    super || form_authenticity_token == request.headers['X_XSRF_TOKEN']
  end  
end
4

2 回答 2

18

我终于让它工作了。

我将解释我在 Angular 和 Rails 4 中的所有配置,因为我想阅读它。

  1. 应用程序.js:

    angular.module('myApp', ['myApp.filters', 'myApp.services', 'myApp.directives', 'myApp.controllers', 'myApp.i18n', 'demo']).
config(['$routeProvider', '$httpProvider', function($routeProvider, $httpProvider) {

$httpProvider.defaults.useXDomain = true;
delete $httpProvider.defaults.headers.common["X-Requested-With"];

    }]);

注意:当然,您不需要包含我的所有模块。

  1. 在我看来:

    <form novalidate="" name="createBusinessForm" ng-submit="setBusinessInformation()" class="css-form">            
        <label>* {{'BUSINESS_NAME' | translate}}</label>
        <input type="text" name="name" ng-model="business.name" class="input-xxlarge input-height-large" placeholder="{{'BUSINESS_NAME_PLACEHOLDER' | translate}}" required maxlength="80">
        <span ng-show="createBusinessForm.name.$dirty && createBusinessForm.name.$error.required" class="text-error">Mandatory field.</span>
        <label>* {{'ID' | translate}}</label>    
        <input type="text" ng-model="business.cif_nif" class="input-xlarge input-height-large" placeholder="{{'BUSINESS_ID_PLACEHOLDER' | translate}}" required maxlength="60">        
        <label>* {{'ADDRESS' | translate}}</label>

注意:您可以根据需要定义任意数量的字段,并使用数据绑定将值分配给对象。

  1. 在我的控制器中:

    $scope.createBusiness = function() {

        $scope.business.type = $scope.type; 
        $scope.business.plan = $scope.plan;     
        $scope.business = Business.save($scope.business);           
        $location.path('/user-dashboard');                              
    };

注意:您需要在发布请求中发送的所有属性。除了表单之外,您还可以在发送到 Rails API 之前为对象分配一些新属性。我们将使用带有资源对象的服务来发送 POST 请求。

  1. 在我的服务中:

    .factory('业务',

      function($resource){          
    var businesses =
     $resource('http://127.0.0.1\\:3000/:business', {business:'businesses'}, {      
        query: {method:'GET', isArray: true},
        save: {method:'POST', isArray: false}
     });        
     return businesses;           
  }

    );

注意:我有一个 GET 请求,通过 Rails API 和 POST 从 DB 获取业务。

导轨 4

重要的

  1. 路线.rb

    match "/businesses" => "application#index", via: :options

注意:新条目与 Angular 服务器将发送的 OPTIONS 请求相匹配,以预先协商发送 POST 请求的开始。

  1. application_controller.rb

    class ApplicationController < ActionController::Base


before_filter :set_headers

def index
  puts "Do nothing."
  render nothing: true
end

def set_headers
  puts 'ApplicationController.set_headers'
  if request.headers["HTTP_ORIGIN"]     
  # better way check origin
  # if request.headers["HTTP_ORIGIN"] && /^https?:\/\/(.*)\.some\.site\.com$/i.match(request.headers["HTTP_ORIGIN"])
    headers['Access-Control-Allow-Origin'] = request.headers["HTTP_ORIGIN"]
    headers['Access-Control-Expose-Headers'] = 'ETag'
    headers['Access-Control-Allow-Methods'] = 'GET, POST, PATCH, PUT, DELETE, OPTIONS, HEAD'
    headers['Access-Control-Allow-Headers'] = '*,x-requested-with,Content-Type,If-Modified-Since,If-None-Match,Auth-User-Token'
    headers['Access-Control-Max-Age'] = '86400'
    headers['Access-Control-Allow-Credentials'] = 'true'
  end
end               
end

  2. 我的 Rails 控制器

    def create
  puts 'Businesses_controller.create!!!!!'
  puts business_params.inspect

  # business_type object is recovered from db
  businessTypeName = params[:type]    
  businessType = BusinessType.where(:name => businessTypeName).first
  ...
end

注意:在这里做任何你需要的......

于 2013-11-10T18:35:26.503 回答
14

我们遇到了同样的问题并采取了类似但希望更简单/更快/更灵活的方法。

我所做的快速总结是使用 ruby​​ 库“rack-cors”(https://github.com/cyu/rack-cors)来管理所有 CORS 标头。

这意味着我不必在我的代码中粘贴一堆硬编码的标头名称/值。

对我来说最大的好处是这可以处理简单的 CORS 请求(GET 请求和响应)和使用 OPTION 请求的预检请求(OPTIONS 请求和响应,然后是 POST 请求和响应)。

以下是我遵循的快速步骤:

  1. gem install rack-cors

  2. 将以下内容添加到 Gemfile:

    gem 'rack-cors', :require => 'rack/cors'

  3. 运行“捆绑安装”,这将更新 Gemfile.lock

  4. 编辑 config/application.rb 以添加以下块:

    config.middleware.insert_before "ActionDispatch::Static", "Rack::Cors", :debug => true, :logger => Rails.logger do
  allow do
    origins '*'

    resource '*',
      :headers => :any,
      :methods => [:get, :post, :delete, :put, :options],
      :max_age => 0
  end
end

现在就我而言,我只是想向任何主机开放它,但你可以更加严格。您也可以限制标头和 http 方法。

在 github 页面上查看有关自述文件的更多详细信息:https ://github.com/cyu/rack-cors (rack-cors 作者在examples/rails3 和examples/rails4 下有示例rails 应用程序)

于 2014-09-16T15:26:52.903 回答