将CORS与Rails 4和heroku一起使用
我在heroku上使用Rails 4,需要启用CORS 我已经在网上浏览了好几个小时,尝试了各种各样的解决方案,这些解决方案对很多人都有效,但对我却没有 我最后一次尝试是简单地将COR添加到应用程序控制器中的所有请求中:将CORS与Rails 4和heroku一起使用,heroku,ruby-on-rails-4,cors,assets,Heroku,Ruby On Rails 4,Cors,Assets,我在heroku上使用Rails 4,需要启用CORS 我已经在网上浏览了好几个小时,尝试了各种各样的解决方案,这些解决方案对很多人都有效,但对我却没有 我最后一次尝试是简单地将COR添加到应用程序控制器中的所有请求中: before_filter :cors_preflight_check after_filter :set_headers def set_headers #if request.headers["HTTP_ORIGIN"] # better way ch
before_filter :cors_preflight_check
after_filter :set_headers
def set_headers
#if request.headers["HTTP_ORIGIN"]
# better way check origin
#if request.headers["HTTP_ORIGIN"] && /^https?:\/\/(.*)\.(.*)\.cloudfront\.net$/i.match(request.headers["HTTP_ORIGIN"])
headers['Access-Control-Allow-Origin'] = '*'
headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'
headers['Access-Control-Allow-Headers'] = %w{Origin Accept Content-Type X-Requested-With auth_token X-CSRF-Token}.join(',')
headers['Access-Control-Max-Age'] = "1728000"
#end
#end
end
def cors_preflight_check
if request.method == "OPTIONS"
headers['Access-Control-Allow-Origin'] = 'http://localhost'
headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'
headers['Access-Control-Allow-Headers'] = %w{Origin Accept Content-Type X-Requested-With auth_token X-CSRF-Token}.join(',')
headers['Access-Control-Max-Age'] = '1728000'
render :text => '', :content_type => 'text/plain'
end
end
提前谢谢 所以你几乎拥有我所有的东西,但我认为你没有将选项请求与你的cors\u飞行前检查方法相匹配。您还可以删除cors_飞行前请求的before筛选器,因为默认情况下选项将路由到那里。如果您对请求有任何身份验证,则需要删除选项请求的身份验证。看看这个,我会把重要的部分贴在这里 这将进入API的应用程序控制器中
#APIController
before_action :authenticate_user
after_filter :cors_set_access_control_headers
skip_before_filter :authenticate_user, :only => [:route_options]
def route_options
cors_preflight_check
end
private
def authenticate_user
#Do some cool stuff with tokens to identify the user
end
def cors_set_access_control_headers
response.headers['Access-Control-Allow-Origin'] = '*'
response.headers['Access-Control-Allow-Methods'] = 'POST, GET, PUT, PATCH, DELETE, OPTIONS'
response.headers['Access-Control-Allow-Headers'] = 'Origin, Content-Type, Accept, Authorization, Token, Auth-Token, Email'
response.headers['Access-Control-Max-Age'] = "1728000"
end
def cors_preflight_check
if request.method == 'OPTIONS'
request.headers['Access-Control-Allow-Origin'] = '*'
request.headers['Access-Control-Allow-Methods'] = 'POST, GET, PUT, PATCH, DELETE, OPTIONS'
request.headers['Access-Control-Allow-Headers'] = 'X-Requested-With, X-Prototype-Version, Token, Auth-Token, Email'
request.headers['Access-Control-Max-Age'] = '1728000'
render :text => '', :content_type => 'text/plain'
end
end
#Routes
#Route this to wherever you put the cors_preflight_check
#This is to handle the CORS preflight request, it only catches the options action.
controller 'api/v1/api' do
match '*unmatched_route', :to => 'api/v1/api#route_options', via: [:options]
end
希望这对你有用,如果没有,请告诉我。这是一个好问题,需要回答,我自己已经找了好几个小时了。我现在就发布我的解决方案。我昨晚遇到这个问题,我很不高兴!这对我来说很有效,但我决定使用rails cors gem,因为它不会污染我的应用程序控制器,我讨厌看这个。我建议你创建一个cors对象或者其他东西,如果你走这条路的话,把它放进去。