无“访问控制允许来源”标头的请求的资源present [英] No 'Access-Control-Allow-Origin' header is present on the requested resource

问题描述

我使用omniauth Facebook的与AngularJS和CORS不能正常工作。

我omniauth.rb是

  Rails.application.config.middleware.use OmniAuth ::生成器做
供应商：脸谱，XXXXX，XXXXX，
：范围=＆GT; 电子邮件，user_birthday，read_stream'：显示= GT; '弹出'结束
 

一切正常，如果我用它作为Rails应用程序和要求。但是，当我尝试调用的http：\\本地主机：3000 \\用户\\权威性\\脸谱通过角JS

  $ http.get（'/用户/认证/ Facebook的）。成功（功能（数据，状态，头，配置）{
            的console.log（早在成功）;
            }）。
            错误（功能（数据，状态，头，配置）{            }）;
    }
 

在JS控制台

我看到下面的错误

  

XMLHtt prequest无法加载
  <一href=\"https://www.facebook.com/dialog/oauth?client_id=xxxx&display=popup\">https://www.facebook.com/dialog/oauth?client_id=xxxx&display=popup…thday%2Cread_stream&state=3352c1924bdbc9277f7b1070c38d67acf79b529f198323cb.
  无访问控制允许来源标头的请求present
  资源。原产地的http：//本地主机：3000因此不允许
  访问。

（URL是不显示完全控制台）

我添加以下行

  config.middleware.insert_before监狱长::经理，架::一个Cors
 

也并没有工作。

什么是最好的办法还是我如何重写标头OmniAuth？

  

我使用Angularjs和宝石色器件，omniauth Facebook的

解决方案

既然你对你的开发环境，你可能想尝试一种变通方法，通过允许您浏览器在非安全模式下运行。

有关Chrome Windows版，从CMD尝试：

 ＆GT; CD C：\\ Program Files文件（x86）的\\谷歌\\铬\\应用
＆GT;的chrome.exe --user-data-dir来=C：/ Chrome浏览器开发会议 - 禁用 - 网络安全
 

的 - 禁用 - 网络安全标志将让你做出跨域请求。在 - 用户数据目录标志将允许你打开一个新的会话的仅发展

这是<强>只为你一个解决方法开发工作！请不要在生产中使用这个或浏览其他网站在这个环节！

I am using omniauth-facebook with AngularJS and CORS is not working correctly .

My omniauth.rb is

Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook,"xxxxx", "xxxxx",
:scope => 'email,user_birthday,read_stream', :display => 'popup'

end

Everything works if i use it as rails app and request. But when i try to call 'http:\localhost:3000\users\auth\facebook" via Angular JS

$http.get('/users/auth/facebook').success(function(data, status, headers, config) {
            console.log("back in success");
            }).
            error(function(data, status, headers, config) {

            });
    }

i see following error in JS console

XMLHttpRequest cannot load https://www.facebook.com/dialog/oauth?client_id=xxxx&display=popup…thday%2Cread_stream&state=3352c1924bdbc9277f7b1070c38d67acf79b529f198323cb. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access.

(The url is not displayed completely in console)

I added following line

config.middleware.insert_before Warden::Manager, Rack::Cors

but also this didn't work .

What is the best way or how can i override headers for OmniAuth ?

I am using Angularjs and gem devise ,omniauth-facebook

解决方案

Since you are on your development environment you may want to try a workaround, by allowing you browser to run in a non-secure mode.

For Chrome on Windows, from CMD try:

> cd C:\Program Files (x86)\Google\Chrome\Application
> chrome.exe --user-data-dir="C:/Chrome dev session" --disable-web-security

The --disable-web-security flag will allow you to make cross domain requests. The --user-data-dir flag will allow you to open a new session only for development.

This is just a workaround for you development work! Don't use this in production or navigate to other sites in this session!

这篇关于无“访问控制允许来源”标头的请求的资源present的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！