Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/ruby-on-rails/55.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Javascript 即使存在访问控制允许源标题,XHR也被拒绝?_Javascript_Ruby On Rails_Xmlhttprequest_Sencha Touch - Fatal编程技术网
Fatal编程技术网
  • javascript/
  • Javascript 即使存在访问控制允许源标题,XHR也被拒绝?

Javascript 即使存在访问控制允许源标题,XHR也被拒绝?

javascript ruby-on-rails sencha-touch

Javascript 即使存在访问控制允许源标题,XHR也被拒绝?,javascript,ruby-on-rails,xmlhttprequest,sencha-touch,Javascript,Ruby On Rails,Xmlhttprequest,Sencha Touch,在用Rails 3编写的开发服务器上,我在应用程序控制器中设置CORS头以允许跨域访问: class ApplicationController < ActionController::Base before_filter :cross_domain_setup # ... def options_request head :no_content end def cross_domain_setup response.headers["Access-Co

在用Rails 3编写的开发服务器上,我在应用程序控制器中设置CORS头以允许跨域访问:

class ApplicationController < ActionController::Base
  before_filter :cross_domain_setup
  # ...
  def options_request
    head :no_content
  end
  def cross_domain_setup
    response.headers["Access-Control-Allow-Origin"] = "*"
    response.headers["Access-Control-Allow-Methods"] = "GET, PUT, POST, DELETE, OPTIONS"
    response.headers["Access-Control-Allow-Headers"] = "Content-Type, X-Requested-With"
  end
  # ...
end

# in routes.rb:
match "*path" => "application#options_request", constraints: { method: "OPTIONS" }
这将发送以下HTTP请求:

OPTIONS /friends/requests?_dc=1388320908671 HTTP/1.1
Host: localhost:3000
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Access-Control-Request-Method: PUT
Origin: http://localhost
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Access-Control-Request-Headers: x-requested-with, content-type
Accept: */*
Referer: http://localhost/path/to/index.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
我的服务器响应为:

HTTP/1.1 204 No Content
Date: Sun, 29 Dec 2013 12:41:48 GMT
Status: 204 No Content
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Access-Control-Allow-Headers: Content-Type, X-Requested-With
X-UA-Compatible: IE=Edge
Cache-Control: no-cache
Set-Cookie: blahblahblah; path=/; HttpOnly
X-Request-Id: 01157976a93af661045eefdf4b8beb2e
X-Runtime: 0.016029
这一切看起来都是正确的。那么,为什么在开发人员工具中会出现以下错误

XMLHttpRequest cannot load http://localhost:3000/friends/requests?_dc=1388320920825. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access.
并非所有请求都被阻止。我还不知道为什么

可能出了什么问题?

我认为发生的情况是请求的资源产生了一个500内部服务器错误(无法将符号转换为整数等),但这显示为一个被阻止的请求,可能是因为由于500错误而没有发送CORS头

无论如何,使用gem似乎已经解决了这个问题。现在,我的前端收到了预期的500错误

XMLHttpRequest cannot load http://localhost:3000/friends/requests?_dc=1388320920825. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access.