请求的资源上不存在“Access-Control-Allow-Origin"标头 [英] No 'Access-Control-Allow-Origin' header is present on the requested resource

问题描述

我将 omniauth-facebook 与 AngularJS 一起使用，但 CORS 无法正常工作.

I am using omniauth-facebook with AngularJS and CORS is not working correctly .

我的 omniauth.rb 是

My omniauth.rb is

Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook,"xxxxx", "xxxxx",
:scope => 'email,user_birthday,read_stream', :display => 'popup'

end

如果我将它用作 rails 应用程序和请求，一切正常.但是当我尝试通过 Angular JS 调用http:\localhost:3000\users\auth\facebook"时

Everything works if i use it as rails app and request. But when i try to call 'http:\localhost:3000\users\auth\facebook" via Angular JS

$http.get('/users/auth/facebook').success(function(data, status, headers, config) {
            console.log("back in success");
            }).
            error(function(data, status, headers, config) {

            });
    }

我在 JS 控制台中看到以下错误

i see following error in JS console

XMLHttpRequest 无法加载https://www.facebook.com/dialog/oauth?client_id=xxxx&display=popup…thday%2Cread_stream&state=3352c1924bdbc9277f7b1070c38d67acf79b529f198323cb.请求中不存在Access-Control-Allow-Origin"标头资源.因此不允许使用 Origin 'http://localhost:3000'访问.

XMLHttpRequest cannot load https://www.facebook.com/dialog/oauth?client_id=xxxx&display=popup…thday%2Cread_stream&state=3352c1924bdbc9277f7b1070c38d67acf79b529f198323cb. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access.

(在控制台中url没有完全显示)

(The url is not displayed completely in console)

我添加了以下行

config.middleware.insert_before Warden::Manager, Rack::Cors

但这也不起作用.

最好的方法是什么或如何覆盖 OmniAuth 的标头?

What is the best way or how can i override headers for OmniAuth ?

我正在使用 Angularjs 和 gem 设计，omniauth-facebook

I am using Angularjs and gem devise ,omniauth-facebook

推荐答案

由于您处于开发环境中，您可能想尝试一种解决方法，即允许浏览器在非安全模式下运行.

Since you are on your development environment you may want to try a workaround, by allowing you browser to run in a non-secure mode.

对于 Windows 上的 Chrome，从 CMD 尝试:

For Chrome on Windows, from CMD try:

> cd C:\Program Files (x86)\Google\Chrome\Application
> chrome.exe --user-data-dir="C:/Chrome dev session" --disable-web-security

--disable-web-security 标志将允许您进行跨域请求.--user-data-dir 标志将允许您仅为开发打开一个新会话.

The --disable-web-security flag will allow you to make cross domain requests. The --user-data-dir flag will allow you to open a new session only for development.

这只是您开发工作的解决方法！不要在生产中使用它或在此会话中导航到其他站点！

This is just a workaround for you development work! Don't use this in production or navigate to other sites in this session!

这篇关于请求的资源上不存在“Access-Control-Allow-Origin"标头的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！