Ruby on rails 访问控制允许原始Rails项目，跨域，无路由匹配[选项]_Ruby On Rails_Ruby On Rails 3_Cors

Ruby on rails 访问控制允许原始Rails项目，跨域，无路由匹配[选项]

ruby-on-rails ruby-on-rails-3 cors

Ruby on rails 访问控制允许原始Rails项目，跨域，无路由匹配[选项],ruby-on-rails,ruby-on-rails-3,cors,Ruby On Rails,Ruby On Rails 3,Cors,我正在我的Rails项目中实现一个API：我有一个示例HTML页面来测试我在Rails站点上的实现。。。我无法更改发送请求的站点上的编码。（代码如下）。我必须让我的rails项目接受这个请求我的应用程序控制器中包含了这个 before_filter :allow_cross_domain_access def allow_cross_domain_access response.headers["Access-Control-Allow-Origin"] = '*' r

我正在我的Rails项目中实现一个API：我有一个示例HTML页面来测试我在Rails站点上的实现。。。我无法更改发送请求的站点上的编码。（代码如下）。我必须让我的rails项目接受这个请求

我的应用程序控制器中包含了这个

  before_filter :allow_cross_domain_access
  def allow_cross_domain_access
    response.headers["Access-Control-Allow-Origin"] = '*'
    response.headers["Access-Control-Allow-Methods"] = "GET, PUT, POST, DELETE, OPTIONS"
  end

当我用它发布到我的网站时，我得到

XMLHttpRequest cannot load http://192.168.1.65:3000/post_everywhere/0/loads. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. The response had HTTP status code 404

rails控制台显示：

  Started OPTIONS "/post_everywhere/0/loads" for 192.168.1.184 at 2015-02-02 09:20:42 -0600
  2015-02-02 09:20:42 FATAL --
  ActionController::RoutingError (No route matches [OPTIONS] "/post_everywhere/0/loads"):

问题是我希望它

发布

而不是使用

选项

我的路线设置如下：

  resources :post_everywhere do
    post :create_account
    post :update_account
    post :validate_account
    post :loads
    post :trucks
  end

我尝试过这个，但它对我不起作用，因为它正在寻找一个模板：

match 'post_everywhere/0/loads' => 'post_everywhere#loads', :via => [:get, :post, :options]

我无法更改的代码：这是其他网站向我发送信息的方式

function postLoad(remove) {
    try {
        var postToURL = document.getElementById("postToURL").value;
        var xmlhttp;
        if (window.XMLHttpRequest) xmlhttp=new XMLHttpRequest(); // code for IE7+, Firefox, Chrome, Opera, Safari
        else if (window.ActiveXObject) xmlhttp=new ActiveXObject("Microsoft.XMLHTTP"); // code for IE6, IE5
        else alert("Your browser does not support XMLHTTP!");
        xmlhttp.open("POST", postToURL, true);
        xmlhttp.setRequestHeader('Content-Type', "text/xml");
        xmlhttp.send(formatLoadPost(remove));
    }
    catch(e) { alert(e); }
}
function formatLoadPost(remove) {
    try {
        postXML = "<PELoadPostings><PostingAccount>";
        postXML += "<UserName>" + document.getElementById("login").value + "</UserName>";
        postXML += "<Password>" + document.getElementById("password").value + "</Password>";
        postXML += "<ContactName>" + document.getElementById("contactName").value + "</ContactName>";
        postXML += "<ContactPhone>" + document.getElementById("contactPhone").value + "</ContactPhone>";
        postXML += "<ContactFax>" + document.getElementById("contactFax").value + "</ContactFax>";
        postXML += "<ContactEmail>" + document.getElementById("contactEmail").value + "</ContactEmail>";
        postXML += "<CompanyName>" + document.getElementById("companyName").value + "</CompanyName>";
        postXML += "<UserID>" + document.getElementById("userID").value + "</UserID>";
        if (remove) postXML += "</PostingAccount><RemoveLoads>" + document.getElementById("loadData").value + "</RemoveLoads></PELoadPostings>";
        else postXML += "</PostingAccount><PostLoads>" + document.getElementById("loadData").value + "</PostLoads></PELoadPostings>";
        return postXML;
    }
    catch(e) { alert(e); }
}

控制台日志

 XMLHttpRequest cannot load http://192.168.1.65:3000/api/v3/post_everywhere/loads. Request header field Content-Type is not allowed by Access-Control-Allow-Headers.

我不想要一个文本模板，我想要拉在参数

但是它没有显示参数（XML）

我终于明白了现在如何使用XML文档

  def loads
    xml_doc = Nokogiri::XML(request.body.read)
    render json: { success: true }
  end

CORS要求您在接受任何其他请求之前响应选项。给出了一个如何做到这一点的示例。重要的是

before_filter :cors_preflight_check
after_filter :cors_set_access_control_headers

def cors_set_access_control_headers
  headers['Access-Control-Allow-Origin'] = '*'
  headers['Access-Control-Allow-Methods'] = 'POST, GET, PUT, DELETE, OPTIONS'
  headers['Access-Control-Allow-Headers'] = 'Origin, Content-Type, Accept, Authorization, Token'
  headers['Access-Control-Max-Age'] = "1728000"
end

def cors_preflight_check
  if request.method == 'OPTIONS'
    headers['Access-Control-Allow-Origin'] = '*'
    headers['Access-Control-Allow-Methods'] = 'POST, GET, PUT, DELETE, OPTIONS'
    headers['Access-Control-Allow-Headers'] = 'X-Requested-With, X-Prototype-Version, Token'
    headers['Access-Control-Max-Age'] = '1728000'

    render :text => '', :content_type => 'text/plain'
  end
end

这将捕获带有“OPTIONS”方法的任何请求，并使用正确的头响应，而不包含任何内容。然后，客户端应用程序可以发送post，该post将按照routes.rb文件进行路由。另请参见

我在问题之后添加了更多信息。我仍然有问题，你会看到。。。

  def loads
    xml_doc = Nokogiri::XML(request.body.read)
    render json: { success: true }
  end

before_filter :cors_preflight_check
after_filter :cors_set_access_control_headers

def cors_set_access_control_headers
  headers['Access-Control-Allow-Origin'] = '*'
  headers['Access-Control-Allow-Methods'] = 'POST, GET, PUT, DELETE, OPTIONS'
  headers['Access-Control-Allow-Headers'] = 'Origin, Content-Type, Accept, Authorization, Token'
  headers['Access-Control-Max-Age'] = "1728000"
end

def cors_preflight_check
  if request.method == 'OPTIONS'
    headers['Access-Control-Allow-Origin'] = '*'
    headers['Access-Control-Allow-Methods'] = 'POST, GET, PUT, DELETE, OPTIONS'
    headers['Access-Control-Allow-Headers'] = 'X-Requested-With, X-Prototype-Version, Token'
    headers['Access-Control-Max-Age'] = '1728000'

    render :text => '', :content_type => 'text/plain'
  end
end