Javascript 即使存在访问控制允许源标题,XHR也被拒绝?
在用Rails 3编写的开发服务器上,我在应用程序控制器中设置CORS头以允许跨域访问:Javascript 即使存在访问控制允许源标题,XHR也被拒绝?,javascript,ruby-on-rails,xmlhttprequest,sencha-touch,Javascript,Ruby On Rails,Xmlhttprequest,Sencha Touch,在用Rails 3编写的开发服务器上,我在应用程序控制器中设置CORS头以允许跨域访问: class ApplicationController < ActionController::Base before_filter :cross_domain_setup # ... def options_request head :no_content end def cross_domain_setup response.headers["Access-Co
class ApplicationController < ActionController::Base
before_filter :cross_domain_setup
# ...
def options_request
head :no_content
end
def cross_domain_setup
response.headers["Access-Control-Allow-Origin"] = "*"
response.headers["Access-Control-Allow-Methods"] = "GET, PUT, POST, DELETE, OPTIONS"
response.headers["Access-Control-Allow-Headers"] = "Content-Type, X-Requested-With"
end
# ...
end
# in routes.rb:
match "*path" => "application#options_request", constraints: { method: "OPTIONS" }
这将发送以下HTTP请求:
OPTIONS /friends/requests?_dc=1388320908671 HTTP/1.1
Host: localhost:3000
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Access-Control-Request-Method: PUT
Origin: http://localhost
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Access-Control-Request-Headers: x-requested-with, content-type
Accept: */*
Referer: http://localhost/path/to/index.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
我的服务器响应为:
HTTP/1.1 204 No Content
Date: Sun, 29 Dec 2013 12:41:48 GMT
Status: 204 No Content
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Access-Control-Allow-Headers: Content-Type, X-Requested-With
X-UA-Compatible: IE=Edge
Cache-Control: no-cache
Set-Cookie: blahblahblah; path=/; HttpOnly
X-Request-Id: 01157976a93af661045eefdf4b8beb2e
X-Runtime: 0.016029
这一切看起来都是正确的。那么,为什么在开发人员工具中会出现以下错误
XMLHttpRequest cannot load http://localhost:3000/friends/requests?_dc=1388320920825. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access.
并非所有请求都被阻止。我还不知道为什么
可能出了什么问题?我认为发生的情况是请求的资源产生了一个500内部服务器错误(无法将符号转换为整数等),但这显示为一个被阻止的请求,可能是因为由于500错误而没有发送CORS头 无论如何,使用gem似乎已经解决了这个问题。现在,我的前端收到了预期的500错误
XMLHttpRequest cannot load http://localhost:3000/friends/requests?_dc=1388320920825. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access.