PROSAGA码农传奇-决策支持-通过CORS政策允许任何内容

如何禁用cors？出于某种原因，我通配了允许的来源和标头，但我的ajax请求仍然抱怨我的CORS策略不允许该来源…。我的应用程序控制器：
<pre><code>class ApplicationController < ActionController::Base
 protect_from_forgery
 before_filter :current_user, :cors_preflight_check
 after_filter :cors_set_access_control_headers

# For all responses in this controller, return the CORS access control headers.

def cors_set_access_control_headers
  headers['Access-Control-Allow-Origin'] = '*'
  headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'
  headers['Access-Control-Allow-Headers'] = '*'
  headers['Access-Control-Max-Age'] = "1728000"
end

# If this is a preflight OPTIONS request, then short-circuit the
# request, return only the necessary headers and return an empty
# text/plain.

def cors_preflight_check
  if request.method == :options
    headers['Access-Control-Allow-Origin'] = '*'
    headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'
    headers['Access-Control-Allow-Headers'] = '*'
    headers['Access-Control-Max-Age'] = '1728000'
    render :text => '', :content_type => 'text/plain'
  end
end
  private
  # get the user currently logged in
  def current_user
    @current_user ||= User.find(session[:user_id]) if session[:user_id]
  end
  helper_method :current_user

end
</code></pre>路线：
<pre><code> match "*all" => "application#cors_preflight_check", :constraints => { :method => "OPTIONS" }
 match "/alert" => "alerts#create"
 match "/alerts" => "alerts#get"
 match "/login" => "sessions#create"
 match "/logout" => "sessions#destroy"
 match "/register" => "users#create"
</code></pre>编辑 - -我也尝试过：
<pre><code> config.middleware.use Rack::Cors do
 allow do
 origins '*'
 resource '*', 
 :headers => :any, 
 :methods => [:get, :post, :delete, :put, :options]
 end
 end
</code></pre>在application.rb中-编辑2 —问题是我认为Chrome扩展程序可能不支持CORS。如何绕过CORS获取信息？我应该如何应对飞行前检查？