Rails的跨域AJAX GET请求（CORS） [英] Rails cross domain ajax get request (CORS)

问题描述

我想实现谷歌Places API的在我的Rails应用程序。

这是试图使用从Ajax请求获取数据的功能时，我发现了错误：

  XMLHtt prequest无法加载。响应preflight请求不通过访问控制检查：没有访问控制允许来源标头的请求的资源present。原产地的http：//本地主机：3000'因此不允许访问。
 

我使用机架CORS宝石，我已经添加了这个片段到我的config / application.rb中的文件：

  0 config.middleware.insert_before，机架::一个Cors吗
      允许做
        起源*
        资源'*'，：标题=＆GT; ：有，：方法=＆GT; [：搞定了，：帖子，：选择]
      结束
    结束
 

这是从我的观点（CoffeeScript的）Ajax请求：

  $阿贾克斯
      URL：
      数据类型：JSON
      键入：GET
 

我添加了这部分我application_controller

 的before_filter：cors_ preflight_check
after_filter：cors_set_access_control_headers高清cors_set_access_control_headers
标题['访问控制允许来源'] ='*'
标题[访问控制允许的方法'] ='POST，GET，OPTIONS
标题[访问控制允许报头'] ='*'
标题['访问控制，最大年龄'] =1728000
结束高清cors_ preflight_check
如果request.method ==：选项
  标题['访问控制允许来源'] ='*'
  标题[访问控制允许的方法'] ='POST，GET，OPTIONS
  标题[访问控制允许报头'] ='*'
  标题['访问控制，最大年龄'] ='1728000'
  渲染：文本=＆GT; ''，：CONTENT_TYPE =＆GT; text / plain的'
结束
结束
 

和这个，我的路线文件

 匹配'*路径=＆GT; 应用程序＃cors_ preflight_check'：通过=＆GT; ：选项
 

我注意到，cors_ preflight_check方法不受我的要求引发的。
（我做当我点击我认为有一定联系的AJAX请求）

和我已经注意到，我的请求头保持不变。

（不添加访问控制允许来源请求头）

JSONP是不是一种选择，因为它不是由地方API支持

这是写在这些线程尝试一切：

• https://github.com/cyu/rack-cors/issues/33


• Can't获得机架CORS在轨运行的应用程序（config.middleware.insert 0，机架::一个Cors做）


• 的https://demisx.github.io/rails-api/2014/02/18/configure-accept-headers-cors.html


• POST方法不是在机架CORS工作轨道4 （添加之前和放大器;后，在应用程序控制器动作）


• Add定制的响应头与机架CORS和葡萄（使用：公开密钥）

解决方案

  

我想实现谷歌Places API的在我的Rails应用程序。

您似乎无所适从CORS一样。如果您正试图执行一个Ajax调用，例如 https://maps.googleapis.com 唯一的问题是CORS标头的在由谷歌响应发送。如果这不工作，你可能会尝试使用过时的API版本端点。

而不是遵循的步骤上：
的https://developers.google.com/maps/documentation/javascript/examples/place-search

如果你希望你的应用程序能够提供数据到其他域，那么你将提供CORS头。但是，这是不是很象是什么原因造成您的问题，除非你正在做的这是由一个独立的前端消耗的Rails应用程序的API

请参阅使用CORS ，获取有关CORS是如何工作的教程。

借助 CSP（内容安全策略）上另一方面，您可以设置为跨域请求更宽松的规则。但不应该是需要在这种情况下，因为谷歌提供CORS标头为自己的Web服务。

I'm trying to implement google places api in my rails app.

This is the error I'm getting when trying to use the function that is fetching the data from the ajax request:

XMLHttpRequest cannot load . Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access.

I'm using rack-cors gem and I've added this snippet into my config/application.rb file:

config.middleware.insert_before 0, "Rack::Cors" do
      allow do
        origins '*'
        resource '*', :headers => :any, :methods => [:get, :post, :options]
      end
    end

This is the ajax request from my view (coffeescript):

    $.ajax
      url: url
      dataType: "json"
      type: "GET"

I've added this part to my application_controller

before_filter :cors_preflight_check
after_filter :cors_set_access_control_headers

def cors_set_access_control_headers
headers['Access-Control-Allow-Origin'] = '*'
headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'
headers['Access-Control-Allow-Headers'] = '*'
headers['Access-Control-Max-Age'] = "1728000"
end

def cors_preflight_check
if request.method == :options
  headers['Access-Control-Allow-Origin'] = '*'
  headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'
  headers['Access-Control-Allow-Headers'] = '*'
  headers['Access-Control-Max-Age'] = '1728000'
  render :text => '', :content_type => 'text/plain'
end
end

and this, to my routes file

 match '*path' => 'application#cors_preflight_check', :via => :options

I've noticed that "cors_preflight_check" method is not triggered by my request. (I make the AJAX request when I click a certain link in my view)

and I've noticed that my request headers remain unchanged.

(Access-Control-Allow-Origin is not added to request headers)

jsonp is not an option because it's not supported by places api

Tried everything that's written in these threads:

• https://github.com/cyu/rack-cors/issues/33
• Can't get rack-cors working in rails application (config.middleware.insert 0, Rack::Cors do)
• https://demisx.github.io/rails-api/2014/02/18/configure-accept-headers-cors.html
• POST Method not working in rack-cors rails 4 (adding before & after actions in the app controller)
• Add custom response header with Rack-cors and Grape (using :expose key)

解决方案

I'm trying to implement google places api in my rails app.

You seem confused about what CORS does. If you are trying to perform an ajax call to for example https://maps.googleapis.com the only thing that matters are the CORS headers sent in the response by Google. If this does not work you may be trying to use a outdated api version endpoint.

Instead follow the steps on: https://developers.google.com/maps/documentation/javascript/examples/place-search

If you want your application to be able to provide data to other domains then you would provide CORS headers. But this is not very like what is causing your issue unless you are doing a Rails api app which is consumed by a separate front-end.

See Using CORS for a tutorial on how CORS works.

The CSP (content security policy) on the other hand allows you to set more permissive rules for cross domain requests. But should not be needed in this case since Google provides CORS headers for their web services.

这篇关于Rails的跨域AJAX GET请求（CORS）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！