Rails 响应 CORS 预检选项请求的 404 [英] Rails Responds with 404 on CORS Preflight Options Request

问题描述

我正在使用 Rails 4 创建一组服务，我正在使用 JavaScript 浏览器应用程序使用这些服务.跨域GETS 工作正常，但我的POST 未通过预检选项检查并显示404 错误.至少，我认为这就是正在发生的事情.以下是出现在控制台中的错误.这是 Mac 上的 Chrome 31.0.1650.63.

I'm creating a set of services using Rails 4, which I am consuming with a JavaScript browser application. Cross-origin GETS are working fine, but my POSTs are failing the preflight OPTIONS check with a 404 error. At least, I think that's what's happening. Here are the errors as they appear in the console. This is Chrome 31.0.1650.63 on a Mac.

OPTIONS http://localhost:3000/confessor_requests 404 (Not Found) jquery-1.10.2.js:8706
OPTIONS http://localhost:3000/confessor_requests No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access. jquery-1.10.2.js:8706
XMLHttpRequest cannot load http://localhost:3000/confessor_requests. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access. main.html:1

我搜索了很多关于启用 CORS 的说明，但我被难住了.通常的建议似乎是在应用程序控制器中放置类似的东西，我就是这样做的.

I've searched high and low for instructions on enabling CORS, and I'm stumped. The usual recommendation seems to be to put something like this in the Application controller, which I did.

before_filter :cors_preflight_check
after_filter :cors_set_access_control_headers

def cors_set_access_control_headers
  headers['Access-Control-Allow-Origin'] = '*'
  headers['Access-Control-Allow-Methods'] = 'POST, PUT, GET, OPTIONS'
  headers['Access-Control-Allow-Headers'] = '*'
  headers['Access-Control-Max-Age'] = "1728000"
end

def cors_preflight_check
  if request.method == :options
    headers['Access-Control-Allow-Origin'] = '*'
    headers['Access-Control-Allow-Methods'] = 'POST, PUT, GET, OPTIONS'
    headers['Access-Control-Allow-Headers'] = '*'
    headers['Access-Control-Max-Age'] = '1728000'
    render :text => '', :content_type => 'text/plain'
  end
end

随后是 routes.rb 中的某种路由，当一个 OPTIONS 请求进来时，它会重定向到这个动作.

Followed by some kind of route in routes.rb that will redirect to this action when an OPTIONS request comes in.

match "/*all" => "application#cors_preflight_check", :constraints => { :method => "OPTIONS" }

'match' 指令在 Rails 4 中不再有效，所以我摆弄它，试图让它直接匹配 POSTS，像这样:

The 'match' directive no longer works in Rails 4, so I fiddled with it, attempting to make it match POSTS directly, like this:

post "/*all" => "application#cors_preflight_check", :constraints => { :method => :options }

但是还是不行.由于 GET 请求正在工作，我假设我缺少的是 OPTIONS 请求的正确路由.但是，我已经尝试了所有我能想到的路线，但似乎没有什么能让请求通过.

But it still doesn't work. Since the GET requests are working, I'm assuming that what I'm missing is the correct route for the OPTIONS request. However, I've tried every route I can think of, and nothing seems to let the request through.

我还尝试安装 cyu/rack-cors，结果相同.

I also tried installing cyu/rack-cors, and this gives the same result.

有人知道我做错了什么吗?

Anyone know what I'm doing wrong?

推荐答案

这是一个使用 rack-cors gem 的解决方案，你说你试过了.正如其他人所提到的，您没有详细说明您使用的是哪个前端框架以及实际请求是什么样的.因此，以下内容可能不适用于您，但希望对您有所帮助.

Here's a solution with the rack-cors gem, which you said you tried. As others have mentioned, you didn't give much detail in regards to which front-end framework you're using and what the actual request looks like. So the following may not apply to you, but I hope it helps someone.

就我而言，在我使用 PUT(或 PATCH 或 DELETE)之前，gem 工作正常.

如果您查看浏览器开发者控制台，请查看请求标头，您应该有这样一行:

If you look in your browser developer console, look at the request headers, and you should have a line like this:

Access-Control-Request-Method: PUT

需要注意的重要一点是，您传递给 resource 的 methods 用于 Access-Control-Request-Method，而不是用于飞行前检查后的请求方法.

The important thing to note is that the methods you pass to resource are for the Access-Control-Request-Method, not the Request Method that is to come after the pre-flight check.

注意我如何使用 :methods =>[:get, :post, :options, :delete, :put, :patch] 将包含我关心的所有方法.

Note how I have :methods => [:get, :post, :options, :delete, :put, :patch] that will include all the methods I care about.

因此，对于 development.rb，您的整个配置部分应如下所示:

Thus your entire config section should look something like this, for development.rb:

# This handles cross-origin resource sharing.
# See: https://github.com/cyu/rack-cors
config.middleware.insert_before 0, "Rack::Cors" do
  allow do
    # In development, we don't care about the origin.
    origins '*'
    # Reminder: On the following line, the 'methods' refer to the 'Access-
    # Control-Request-Method', not the normal Request Method.
    resource '*', :headers => :any, :methods => [:get, :post, :options, :delete, :put, :patch], credentials: true
  end
end

这篇关于Rails 响应 CORS 预检选项请求的 404的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！