请求的资源上不存在“Access-Control-Allow-Origin"标头 [英] No 'Access-Control-Allow-Origin' header is present on the requested resource
问题描述
我将 omniauth-facebook 与 AngularJS 一起使用,但 CORS 无法正常工作.
I am using omniauth-facebook with AngularJS and CORS is not working correctly .
我的 omniauth.rb 是
My omniauth.rb is
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook,"xxxxx", "xxxxx",
:scope => 'email,user_birthday,read_stream', :display => 'popup'
end
如果我将它用作 rails 应用程序和请求,一切正常.但是当我尝试通过 Angular JS 调用http:\localhost:3000\users\auth\facebook"时
Everything works if i use it as rails app and request. But when i try to call 'http:\localhost:3000\users\auth\facebook" via Angular JS
$http.get('/users/auth/facebook').success(function(data, status, headers, config) {
console.log("back in success");
}).
error(function(data, status, headers, config) {
});
}
我在 JS 控制台中看到以下错误
i see following error in JS console
XMLHttpRequest 无法加载https://www.facebook.com/dialog/oauth?client_id=xxxx&display=popup…thday%2Cread_stream&state=3352c1924bdbc9277f7b1070c38d67acf79b529f198323cb.请求中不存在Access-Control-Allow-Origin"标头资源.因此不允许使用 Origin 'http://localhost:3000'
访问.
XMLHttpRequest cannot load https://www.facebook.com/dialog/oauth?client_id=xxxx&display=popup…thday%2Cread_stream&state=3352c1924bdbc9277f7b1070c38d67acf79b529f198323cb. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin
'http://localhost:3000'
is therefore not allowed access.
(在控制台中url没有完全显示)
(The url is not displayed completely in console)
我添加了以下行
config.middleware.insert_before Warden::Manager, Rack::Cors
但这也不起作用.
最好的方法是什么或如何覆盖 OmniAuth 的标头?
What is the best way or how can i override headers for OmniAuth ?
我正在使用 Angularjs 和 gem 设计,omniauth-facebook
I am using Angularjs and gem devise ,omniauth-facebook
推荐答案
由于您处于开发环境中,您可能想尝试一种解决方法,即允许浏览器在非安全模式下运行.
Since you are on your development environment you may want to try a workaround, by allowing you browser to run in a non-secure mode.
对于 Windows 上的 Chrome,从 CMD 尝试:
For Chrome on Windows, from CMD try:
> cd C:\Program Files (x86)\Google\Chrome\Application
> chrome.exe --user-data-dir="C:/Chrome dev session" --disable-web-security
--disable-web-security
标志将允许您进行跨域请求.--user-data-dir
标志将允许您仅为开发打开一个新会话.
The --disable-web-security
flag will allow you to make cross domain requests. The --user-data-dir
flag will allow you to open a new session only for development.
这只是您开发工作的解决方法!不要在生产中使用它或在此会话中导航到其他站点!
This is just a workaround for you development work! Don't use this in production or navigate to other sites in this session!
这篇关于请求的资源上不存在“Access-Control-Allow-Origin"标头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!