我想将托管在heroku上的rails后端限制为仅接受来自前端的CORS请求。
这是我的cors.rb:
allow do
origins 'https://seanhetzel.github.io/adventure_archive_frontend'
resource '*',
headers: :any,
methods: [:get, :post, :put, :patch, :delete, :options, :head]
end
end
但是,当我提供前端域时,它被阻止并引发此错误:
index.html:1 Access to fetch at 'https://dry-sands-78217.herokuapp.com/api/v1/sites' from origin 'https://seanhetzel.github.io' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
我看过https://github.com/cyu/rack-cors/wiki/Origins-examples以获取文档。
我是否以不正确的格式提供域?提取请求有问题吗?
您的原始路径不正确。原始路径必须是网站根目录的绝对URL路径。
所以替换:
origins 'https://seanhetzel.github.io/adventure_archive_frontend'
with:
origins 'https://seanhetzel.github.io'