3

我已经构建了一个在 Heroku 上托管的 rails restful 服务和一个我试图从本地计算机运行的 Angular 客户端。最终,该客户端将运行添加到 phonegap 项目中。但是,现在我正在用 chrome 和 ie 测试应用程序,我的浏览器不断返回下面的错误。

XMLHttpRequest cannot load  Origin http://localhost is not allowed by Access-Control-Allow-Origin.

这是我收到的错误消息。在推送到 Heroku 之前,我遇到了这个问题,并通过在我的回复中添加访问标头来解决它。

    after_filter :cors_set_access_control_headers

# For all responses in this controller, return the CORS access control headers.

def cors_set_access_control_headers
        headers['Access-Control-Allow-Origin'] = 'http://localhost' #*
        headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'
        headers['Access-Control-Allow-Headers'] = %w{Origin Accept Content-Type X-Requested-With X-CSRF-Token}.join(',')
        headers['Access-Control-Max-Age'] = "1728000"
end

这似乎不起作用。由于某种原因,这不适用于 Heroku。有谁知道如何解决这个问题?

4

3 回答 3

6

Rails 4 的一种可能解决方案(未检查早期版本)。我曾经rails-api创建独立的 API 服务器。因此,基于ActionController::API. 在使用ActionController::Base.

# app/controllers/application_controller.rb
class ApplicationController < ActionController::API
  include ActionController::ImplicitRender
  include ActionController::MimeResponds

  def cors_preflight_check
    headers['Access-Control-Max-Age'] = '1728000'

    render json: {} # Render as you need
  end
end


# config/application.rb
class Application < Rails::Application
  config.action_dispatch.default_headers = {
    'Access-Control-Allow-Origin' => '*',
    'Access-Control-Allow-Methods' => 'POST, PUT, PATCH, DELETE, GET, OPTIONS',
    'Access-Control-Request-Method' => '*',
    'Access-Control-Allow-Headers' => 'Origin, X-Requested-With, Content-Type, Accept, Authorization'
  }
end


# config/routes.rb
# Last route definition code line
match '*path', to: 'application#cors_preflight_check', via: [:options]

这个解决方案对我来说似乎不那么骇人听闻。此外,它还关注OPTIONS“Rails-way”中的 HTTP 方法。

于 2013-12-10T13:57:58.633 回答
2 
class ApplicationController < ActionController::Base
protect_from_forgery
before_filter :cors_preflight_check
after_filter :cors_set_access_control_headers

# For all responses in this controller, return the CORS access control headers.

def cors_set_access_control_headers
    headers['Access-Control-Allow-Origin'] = '*'
    headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'
    headers['Access-Control-Allow-Headers'] = %w{Origin Accept Content-Type X-Requested-With auth_token X-CSRF-Token}.join(',')
    headers['Access-Control-Max-Age'] = "1728000"
end

def cors_preflight_check
  if request.method == "OPTIONS"
    headers['Access-Control-Allow-Origin'] = 'http://localhost'
    headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'
    headers['Access-Control-Allow-Headers'] = %w{Origin Accept Content-Type X-Requested-With auth_token X-CSRF-Token}.join(',')
    headers['Access-Control-Max-Age'] = '1728000'
    render :text => '', :content_type => 'text/plain'
  end
end
end

这似乎奏效了。

于 2013-12-10T00:19:47.890 回答
0

我使用 rails-api,这个解决方案对我有用

https://til.hashrocket.com/posts/4d7f12b213-rails-5-api-and-cors

注意:将来源 'localhost:4200' 更改为来源 '*'

于 2017-05-08T03:29:27.200 回答