如何禁用cors?出于某种原因,我通配了允许的来源和标头,但我的ajax请求仍然抱怨我的CORS策略不允许该来源…。
我的应用程序控制器:
class ApplicationController < ActionController::Base protect_from_forgery before_filter :current_user, :cors_preflight_check after_filter :cors_set_access_control_headers # For all responses in this controller, return the CORS access control headers. def cors_set_access_control_headers headers['Access-Control-Allow-Origin'] = '*' headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS' headers['Access-Control-Allow-Headers'] = '*' headers['Access-Control-Max-Age'] = "1728000" end # If this is a preflight OPTIONS request, then short-circuit the # request, return only the necessary headers and return an empty # text/plain. def cors_preflight_check if request.method == :options headers['Access-Control-Allow-Origin'] = '*' headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS' headers['Access-Control-Allow-Headers'] = '*' headers['Access-Control-Max-Age'] = '1728000' render :text => '', :content_type => 'text/plain' end end private # get the user currently logged in def current_user @current_user ||= User.find(session[:user_id]) if session[:user_id] end helper_method :current_user end
路线:
match "*all" => "application#cors_preflight_check", :constraints => { :method => "OPTIONS" } match "/alert" => "alerts#create" match "/alerts" => "alerts#get" match "/login" => "sessions#create" match "/logout" => "sessions#destroy" match "/register" => "users#create"
编辑 - -
我也尝试过:
config.middleware.use Rack::Cors do allow do origins '*' resource '*', :headers => :any, :methods => [:get, :post, :delete, :put, :options] end end
在application.rb中
-编辑2 —
问题是我认为Chrome扩展程序可能不支持CORS。如何绕过CORS获取信息?我应该如何应对飞行前检查?