我正在尝试使用omniauth 将我的客户定向到外部服务授权页面。我的客户端使用 ember.js,我的服务器是 Rails 服务器。就目前情况而言,我可以在服务器端进行呼叫,但没有什么问题,但我的客户端不会重定向,导致我读取错误
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. The response had HTTP status code 404.做了一些研究表明我需要使用 CORS,我已经安装并配置了它。现在我只需要知道在哪里以及如何将
access-control-allow-origin我的路线:
get 'auth/:provider/callback' => 'sessions#create'
我的会话控制器:
class SessionsController < ApplicationController
def create
@request.env
auth = request.env['omniauth.auth']
Account.recieve_donation(auth)
end
end
这是您必须执行的操作如果您发出 GET 请求,您的客户端请求必须发送 Origin header,然后您的服务器必须在响应中发送 Access-Control-Allow-Origin header。 这两个标头的值必须相同才能允许跨源资源共享。
我找到了一个 ruby gem Rack CORS Middleware 来解决“Access-control-allow-origin”标头问题。
如果你不想使用 ruby gem,请在你的控制器中添加以下代码(application_controller, other_name_controller)
before_action :allow_cross_domain_access
after_action :cors_set_access_control_headers
def allow_cross_domain_access
headers['Access-Control-Allow-Origin'] = '*'# http://localhost:9000
headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, DELETE, OPTIONS'
headers['Access-Control-Allow-Headers'] = %w{Origin Accept Content-Type X-Requested-With X-CSRF-Token}.join(',')
headers['Access-Control-Max-Age'] = '1728000'
end
def cors_set_access_control_headers
headers['Access-Control-Allow-Origin'] = '*'
headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'
headers['Access-Control-Allow-Headers'] = %w{Origin Accept Content-Type X-Requested-With X-CSRF-Token}.join(',')
headers['Access-Control-Max-Age'] = "1728000"
end