Heroku的Rails的CORS问题 [英] Heroku Rails CORS issue

问题描述

我已经建立了我在Heroku和我试图从我的本地机器上运行一个角客户端主机一轨RESTful服务。最终，该客户端将运行添加到的PhoneGap项目。然而，现在我在测试Chrome和IE应用程序和浏览器不断下面返回错误。

  XMLHtt prequest无法加载产地的http：//本地主机不被访问控制允许来源允许的。
 

这是我得到的错误信息。我面临着这个问题推到之前的Heroku通过添加添加访问头到我的答复解决它。

  after_filter：cors_set_access_control_headers＃对于此控制器的所有响应，返回CORS访问控制头。高清cors_set_access_control_headers
        标题['访问控制允许来源'] ='的http：// localhost'的＃*
        标题[访问控制允许的方法'] ='POST，GET，OPTIONS
        标题[访问控制允许报头'] =％W {地接受内容类型的X请求，通过X-CSRF令牌}。加入（''）
        标题['访问控制，最大年龄'] =1728000
结束
 

这似乎并没有工作。出于某种原因，这是不是与Heroku的工作。有谁知道如何解决这个问题呢？

解决方案

 类的ApplicationController＆LT; ActionController的基地::
protect_from_forgery
的before_filter：cors_ preflight_check
after_filter：cors_set_access_control_headers＃对于此控制器的所有响应，返回CORS访问控制头。高清cors_set_access_control_headers
    标题['访问控制允许来源'] ='*'
    标题[访问控制允许的方法'] ='POST，GET，OPTIONS
    标题[访问控制允许报头'] =％W {地接受内容类型的X要求，随着AUTH_TOKEN的X CSRF令牌}。加入（''）
    标题['访问控制，最大年龄'] =1728000
结束高清cors_ preflight_check
  如果request.method ==OPTIONS
    标题['访问控制允许来源'] ='的http：// localhost'的
    标题[访问控制允许的方法'] ='POST，GET，OPTIONS
    标题[访问控制允许报头'] =％W {地接受内容类型的X要求，随着AUTH_TOKEN的X CSRF令牌}。加入（''）
    标题['访问控制，最大年龄'] ='1728000'
    渲染：文本=＆GT; ''，：CONTENT_TYPE =＆GT; text / plain的'
  结束
结束
结束
 

这似乎这样的伎俩。

I have built a rails restful service that I host on Heroku and a Angular client which I am trying to run from my local machine. Eventually this client will be run added to a phonegap project. However, for now i'm testing the application in chrome and ie and my browser keeps returning the error below.

XMLHttpRequest cannot load  Origin http://localhost is not allowed by Access-Control-Allow-Origin. 

This is the error message that I get. I was faced with this issue before pushing to Heroku and resolved it by adding adding access headers to my responses.

    after_filter :cors_set_access_control_headers

# For all responses in this controller, return the CORS access control headers.

def cors_set_access_control_headers
        headers['Access-Control-Allow-Origin'] = 'http://localhost' #*
        headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'
        headers['Access-Control-Allow-Headers'] = %w{Origin Accept Content-Type X-Requested-With X-CSRF-Token}.join(',')
        headers['Access-Control-Max-Age'] = "1728000"
end

This does not seem to work. For some reason this isn't working with Heroku. Does anyone know how to solve this issue?

解决方案

class ApplicationController < ActionController::Base
protect_from_forgery
before_filter :cors_preflight_check
after_filter :cors_set_access_control_headers

# For all responses in this controller, return the CORS access control headers.

def cors_set_access_control_headers
    headers['Access-Control-Allow-Origin'] = '*'
    headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'
    headers['Access-Control-Allow-Headers'] = %w{Origin Accept Content-Type X-Requested-With auth_token X-CSRF-Token}.join(',')
    headers['Access-Control-Max-Age'] = "1728000"
end

def cors_preflight_check
  if request.method == "OPTIONS"
    headers['Access-Control-Allow-Origin'] = 'http://localhost'
    headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'
    headers['Access-Control-Allow-Headers'] = %w{Origin Accept Content-Type X-Requested-With auth_token X-CSRF-Token}.join(',')
    headers['Access-Control-Max-Age'] = '1728000'
    render :text => '', :content_type => 'text/plain'
  end
end
end

That seemed to do the trick.

这篇关于Heroku的Rails的CORS问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！