How do I configure `Access-Control-Allow-Origin` with rails and nginx?


Problem description

I cannot get Access-Control-Allow-Origin to show up in Chrome - my ultimate goal is to configure CORS for fonts with Rails, so it works in production with CloudFront. For now though, I just want to get it to work in development. I can see the header via curl, but not Chrome.

I am using Rails 4.0, and I have tried all of the following...

I have configured Gemfile and application.rb as per the rack-cors example for rails 4:

Gemfile

gem 'rack-cors', '~> 0.2.9', require: 'rack/cors'

config/application.rb

config.middleware.insert_before 'ActionDispatch::Static', 'Rack::Cors' do
    allow do
        origins '*'
        resource '*',
            :headers => :any,
            :methods => [:get, :options, :head]
    end
end

rails console

2.0.0-p481 :001 > Rails.env
 => "development"
2.0.0-p481 :002 > Hello::Application.config.serve_static_assets
 => true

bash

curl -i http://localhost:5000/assets/OpenSans-Regular-webfont.woff

Content-Type: application/font-woff
Content-Length: 22660
Connection: keep-alive
Status: 200 OK
Cache-Control: public, must-revalidate
Last-Modified: Wed, 30 Apr 2014 23:51:57 GMT
ETag: "467b34801137bd4031e139839ad86370"
X-Request-Id: c4b07b4d-1c43-44ea-9565-dfda66378f98
X-Runtime: 0.046007
X-Powered-By: Phusion Passenger 4.0.50
Date: Sat, 20 Sep 2014 04:39:38 UTC
Server: nginx/1.6.1 + Phusion Passenger 4.0.50

curl -i -H "Origin: http://localhost:5000" http://localhost:5000/assets/OpenSans-Regular-webfont.woff

Content-Type: application/font-woff
Content-Length: 22660
Connection: keep-alive
Status: 200 OK
Cache-Control: public, must-revalidate
Last-Modified: Wed, 30 Apr 2014 23:51:57 GMT
ETag: "467b34801137bd4031e139839ad86370"
Access-Control-Allow-Origin: http://localhost:5000   # adding
Access-Control-Allow-Methods: GET, OPTIONS, HEAD     # -H
Access-Control-Max-Age: 1728000                      # produced
Access-Control-Allow-Credentials: true               # these
Vary: Origin                                         # headers
X-Request-Id: b9666f30-416d-4b5b-946a-bdd432bc191c
X-Runtime: 0.050420
X-Powered-By: Phusion Passenger 4.0.50
Date: Sat, 20 Sep 2014 03:45:30 UTC
Server: nginx/1.6.1 + Phusion Passenger 4.0.50

Chrome (v37) Developer Tools > Network > OpenSans-Regular-webfont.woff > Headers > Response Headers

HTTP/1.1 304 Not Modified
Connection: keep-alive
Status: 304 Not Modified
Cache-Control: no-cache
X-Request-Id: ac153b8c-e0cb-489d-94dd-90aacc10d715
X-Runtime: 0.116511
X-Powered-By: Phusion Passenger 4.0.50
Date: Sat, 20 Sep 2014 03:41:53 UTC
Server: nginx/1.6.1 + Phusion Passenger 4.0.50

I also tried the following alternatives, as per various sources:

config.middleware.insert_before 'ActionDispatch::Static', 'Rack::Cors' do
config.middleware.insert_after Rails::Rack::Logger, Rack::Cors do
config.middleware.insert_before Warden::Manager, Rack::Cors do
config.middleware.insert 0, Rack::Cors do
config.middleware.use Rack::Cors do

I also tried the following in application.rb, as per How to Display FontAwesome in Firefox Using Rails and CloudFront:

config.assets.header_rules = {
  :global => {'Cache-Control' => 'public, max-age=31536000'},
  :fonts  => {'Access-Control-Allow-Origin' => '*'}
}

I also tried the following in config.ru, as per CloudFront CDN with Rails on Heroku:

require 'rack/cors'
use Rack::Cors do
    allow do
        origins '*'
        resource '*', :headers => :any, :methods => :get 
    end 
end

bundle exec rake middleware

use Rack::Cors
use Rack::Sendfile
use ActionDispatch::Static
use Rack::Lock
use #<ActiveSupport::Cache::Strategy::LocalCache::Middleware:0x007f9ec21590b0>
use Rack::Runtime
use Rack::MethodOverride
use ActionDispatch::RequestId
use Rails::Rack::Logger
use ActionDispatch::ShowExceptions
use ActionDispatch::DebugExceptions
use ActionDispatch::RemoteIp
use ActionDispatch::Reloader
use ActionDispatch::Callbacks
use ActiveRecord::Migration::CheckPending
use ActiveRecord::ConnectionAdapters::ConnectionManagement
use ActiveRecord::QueryCache
use ActionDispatch::Cookies
use ActionDispatch::Session::CookieStore
use ActionDispatch::Flash
use ActionDispatch::ParamsParser
use Rack::Head
use Rack::ConditionalGet
use Rack::ETag
use Warden::Manager
use OmniAuth::Strategies::Facebook
run Hello::Application.routes

I also tried font_assets to no avail.

Solution

The Server line made me think that perhaps the assets are not being handled by Rails, but rather by nginx:

This means that the headers must be added by nginx, not Rails, and therefore we need to configure nginx. It turns out that the ability to configure nginx is possible as of Passenger 4.0.39 - (here is the corresponding Git diff). The corresponding documentation is available in Passenger Standalone, under Advanced configuration.

An important note in the documentation: The original configuration template file may change from time to time, e.g. because new features are introduced into Phusion Passenger. If your configuration template file does not contain the required changes, then these new features may not work properly. In the worst case, Standalone might even malfunction. Therefore, every time you upgrade Phusion Passenger, you should check whether the original configuration template file has changed, and merge back any changes into your own file.

With respect to that note, in addition to the customizable copy of the configuration file, create an "original" copy that you can diff whenever you upgrade Passenger.

bash

cp $(passenger-config about resourcesdir)/templates/standalone/config.erb config/nginx.conf.erb
cp config/nginx.conf.erb config/nginx.conf.erb.original

Next, add --nginx-config-template config/nginx.conf.erb to the web line in Procfile.

Procfile

web: bundle exec passenger start -p $PORT --max-pool-size 3 --nginx-config-template config/nginx.conf.erb

config/nginx.conf.erb

Next, edit the configuration file config/nginx.conf.erb by finding a block that looks as follows:

    location @static_asset {
        gzip_static on;
        expires max;
        add_header Cache-Control public;
        add_header ETag "";
    }

...and add the two Access-Control lines:

    location @static_asset {
        gzip_static on;
        expires max;
        add_header Cache-Control public;
        add_header ETag "";
        add_header Access-Control-Allow-Origin *;
        add_header Access-Control-Request-Method *;
    }

That's it. This will work in production, but not in development, due to config.assets differences between the two.

the config diff

The diff should not return anything now, but if any future updates to passenger include a change to this file, you will know.

diff $(passenger-config about resourcesdir)/templates/standalone/config.erb config/nginx.conf.erb.original

nginx documentation

future improvements

  • restrict the Allow-Origin
  • restrict the Request-Method
  • restrict both headers to just fonts
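
The three "future improvements" listed above, sketched as an nginx configuration. This is an added example, not part of the original answer or of Passenger's shipped template; the production origin is a placeholder and the `$cors_*` variable names are made up for illustration. It sends `Access-Control-Allow-Methods`, which is the response header browsers read (`Access-Control-Request-Method` is a request header that the browser sends in a preflight).

```nginx
# Added example: placeholder origins, not Passenger's shipped template.

# ---- inside the http { } block of config/nginx.conf.erb ----

# 1 for font files only, so no other static asset gets CORS headers.
map $uri $cors_is_font {
    default                        0;
    ~*\.(?:woff2?|ttf|otf|eot)$    1;
}

# Allowlist: the value is non-empty only for a font requested from a
# listed origin. nginx omits an add_header whose value is empty.
map "${cors_is_font}:$http_origin" $cors_allow_origin {
    default                        "";
    "1:http://localhost:5000"      "http://localhost:5000";    # dev origin from the question
    "1:https://www.example.com"    "https://www.example.com";  # placeholder production origin
}

# Advertise methods only when the origin was accepted.
map $cors_allow_origin $cors_allow_methods {
    default    "GET, HEAD, OPTIONS";
    ""         "";
}

# ---- the existing location block ----
location @static_asset {
    gzip_static on;
    expires max;
    add_header Cache-Control public;
    add_header ETag "";

    # Weak form, any site may read every static asset:
    #   add_header Access-Control-Allow-Origin *;
    #   add_header Access-Control-Request-Method *;

    add_header Access-Control-Allow-Origin  $cors_allow_origin;
    add_header Access-Control-Allow-Methods $cors_allow_methods;
    # The response now depends on Origin; caches and CDNs must key on it.
    add_header Vary Origin;
}
```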
