Rails 在 CORS 预检选项请求中以 404 响应 [英] Rails Responds with 404 on CORS Preflight Options Request

问题描述

我正在使用 Rails 4 创建一组服务，我正在使用 JavaScript 浏览器应用程序.跨域 GETS 工作正常，但我的 POST 未通过预检 OPTIONS 检查并出现 404 错误.至少，我认为这就是正在发生的事情.以下是控制台中出现的错误.这是 Mac 上的 Chrome 31.0.1650.63.

I'm creating a set of services using Rails 4, which I am consuming with a JavaScript browser application. Cross-origin GETS are working fine, but my POSTs are failing the preflight OPTIONS check with a 404 error. At least, I think that's what's happening. Here are the errors as they appear in the console. This is Chrome 31.0.1650.63 on a Mac.

OPTIONS http://localhost:3000/confessor_requests 404 (Not Found) jquery-1.10.2.js:8706
OPTIONS http://localhost:3000/confessor_requests No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access. jquery-1.10.2.js:8706
XMLHttpRequest cannot load http://localhost:3000/confessor_requests. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access. main.html:1

我已经到处搜索了有关启用 CORS 的说明，但我很困惑.通常的建议似乎是在 Application 控制器中放置这样的东西，我这样做了.

I've searched high and low for instructions on enabling CORS, and I'm stumped. The usual recommendation seems to be to put something like this in the Application controller, which I did.

before_filter :cors_preflight_check
after_filter :cors_set_access_control_headers

def cors_set_access_control_headers
  headers['Access-Control-Allow-Origin'] = '*'
  headers['Access-Control-Allow-Methods'] = 'POST, PUT, GET, OPTIONS'
  headers['Access-Control-Allow-Headers'] = '*'
  headers['Access-Control-Max-Age'] = "1728000"
end

def cors_preflight_check
  if request.method == :options
    headers['Access-Control-Allow-Origin'] = '*'
    headers['Access-Control-Allow-Methods'] = 'POST, PUT, GET, OPTIONS'
    headers['Access-Control-Allow-Headers'] = '*'
    headers['Access-Control-Max-Age'] = '1728000'
    render :text => '', :content_type => 'text/plain'
  end
end

随后是 routes.rb 中的某种路由，当 OPTIONS 请求进来时，该路由将重定向到此操作.

Followed by some kind of route in routes.rb that will redirect to this action when an OPTIONS request comes in.

match "/*all" => "application#cors_preflight_check", :constraints => { :method => "OPTIONS" }

'match' 指令在 Rails 4 中不再有效，所以我摆弄它，试图让它直接匹配 POSTS，如下所示:

The 'match' directive no longer works in Rails 4, so I fiddled with it, attempting to make it match POSTS directly, like this:

post "/*all" => "application#cors_preflight_check", :constraints => { :method => :options }

但它仍然不起作用.由于 GET 请求正在工作，我假设我缺少的是 OPTIONS 请求的正确路由.但是，我已经尝试了所有我能想到的路线，但似乎没有任何东西可以让请求通过.

But it still doesn't work. Since the GET requests are working, I'm assuming that what I'm missing is the correct route for the OPTIONS request. However, I've tried every route I can think of, and nothing seems to let the request through.

我也尝试安装 cyu/rack-cors，结果相同.

I also tried installing cyu/rack-cors, and this gives the same result.

有人知道我做错了什么吗?

Anyone know what I'm doing wrong?

推荐答案

这是您说您尝试过的 rack-cors gem 的解决方案.正如其他人所提到的，您没有详细说明您正在使用哪个前端框架以及实际请求的外观.因此，以下内容可能不适用于您，但我希望它对某人有所帮助.

Here's a solution with the rack-cors gem, which you said you tried. As others have mentioned, you didn't give much detail in regards to which front-end framework you're using and what the actual request looks like. So the following may not apply to you, but I hope it helps someone.

在我使用 PUT(或 PATCH 或 DELETE)之前，gem 运行良好.

如果您查看浏览器开发者控制台，请查看请求标头，您应该有如下一行:

If you look in your browser developer console, look at the request headers, and you should have a line like this:

Access-Control-Request-Method: PUT

需要注意的重要一点是，您传递给 resource 的 methods 用于 Access-Control-Request-Method，而不是飞行前检查后的请求方法.

The important thing to note is that the methods you pass to resource are for the Access-Control-Request-Method, not the Request Method that is to come after the pre-flight check.

注意我的 :methods =>[:get, :post, :options, :delete, :put, :patch] 将包括我关心的所有方法.

Note how I have :methods => [:get, :post, :options, :delete, :put, :patch] that will include all the methods I care about.

因此，对于 development.rb，您的整个配置部分应该如下所示:

Thus your entire config section should look something like this, for development.rb:

# This handles cross-origin resource sharing.
# See: https://github.com/cyu/rack-cors
config.middleware.insert_before 0, "Rack::Cors" do
  allow do
    # In development, we don't care about the origin.
    origins '*'
    # Reminder: On the following line, the 'methods' refer to the 'Access-
    # Control-Request-Method', not the normal Request Method.
    resource '*', :headers => :any, :methods => [:get, :post, :options, :delete, :put, :patch], credentials: true
  end
end

这篇关于Rails 在 CORS 预检选项请求中以 404 响应的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！