请求的资源上不存在“Access-Control-Allow-Origin”标头？

Question

My bootstrap glyphicons show on other browsers, but I get this error on google chrome:我的引导程序字形显示在其他浏览器上，但我在 google chrome 上收到此错误：

Font from origin ' http://d37p52igaahgm9.cloudfront.net ' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.来自源“ http://d37p52igaahgm9.cloudfront.net ”的字体已被跨源资源共享策略阻止加载：请求的资源上不存在“Access-Control-Allow-Origin”标头。 Origin ' http://www.anthonygalli.com ' is therefore not allowed access. Origin ' http://www.anthonygalli.com ' 因此不允许访问。

The error persists despite trying:尽管尝试过，但错误仍然存在：

application_controller.rb应用控制器.rb

before_action :set_cors

def set_cors
  headers['Access-Control-Allow-Origin'] = '*'
  headers['Access-Control-Request-Method'] = '*'
end

application.rb应用程序.rb

config.middleware.insert_before 0, "Rack::Cors" do
  allow do
    origins '*'
    resource '*', :headers => :any, :methods => [:get, :post, :options]
  end
end

config.action_dispatch.default_headers = {
    'Access-Control-Allow-Origin' => '*',
    'Access-Control-Request-Method' => '*'
}

CORS Configuration Editor CORS 配置编辑器

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <CORSRule>
        <AllowedOrigin>https://www.anthonygalli.com</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
        <MaxAgeSeconds>3000</MaxAgeSeconds>
        <AllowedHeader>Content-*</AllowedHeader>
        <AllowedHeader>Host</AllowedHeader>
    </CORSRule>
    <CORSRule>
        <AllowedOrigin>https://anthonygalli.com</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
        <MaxAgeSeconds>3000</MaxAgeSeconds>
        <AllowedHeader>Content-*</AllowedHeader>
        <AllowedHeader>Host</AllowedHeader>
    </CORSRule>
</CORSConfiguration>

REFERENCES参考

Answer 1

Try adding method and headers in application controller.尝试在应用程序控制器中添加方法和标题。 It worked for me.它对我有用。

    def cors_set_access_control_headers
        headers['Access-Control-Allow-Origin'] = '*'
        headers['Access-Control-Allow-Methods'] = 'POST, PUT, DELETE, GET, PATCH, OPTIONS'
        headers['Access-Control-Request-Method'] = '*'
        headers['Access-Control-Allow-Headers'] = 'Origin, X-Requested-With, Content-Type, Accept, Authorization'
    end

Answer 2

You don't need to (shouldn't be) generating the headers in every response.您不需要（不应该）在每个响应中生成标头。

In your case, I would wager the asset request from your browser is being "preflighted" with an OPTIONS request, but the CDN passes on the request without Access-Control request headers .在您的情况下，我敢打赌来自您的浏览器的资产请求正在使用 OPTIONS 请求进行“预检”，但 CDN 传递的请求没有 Access-Control request headers 。 The CDN thus (correctly) receives no CORS response headers from your Rails app, so the browser doesn't even attempt the GET request, and fails with the Cross-Origin error. CDN 因此（正确地）没有从您的 Rails 应用程序接收到 CORS 响应标头，因此浏览器甚至不会尝试 GET 请求，并因跨域错误而失败。

"preflighted" requests first send an HTTP request by the OPTIONS method to the resource on the other domain, in order to determine whether the actual request is safe to send “预检”请求首先通过 OPTIONS 方法向其他域上的资源发送 HTTP 请求，以确定实际请求是否可以安全发送

https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Preflighted_requests https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Preflighted_requests

Your CDN needs be set up to forward the correct request headers to your app server such that it knows to generate the CORS headers.您的 CDN 需要设置为将正确的请求标头转发到您的应用服务器，以便它知道生成 CORS 标头。 Then, the CDN will pass these CORS response headers along to the browser.然后，CDN 会将这些 CORS 响应标头传递给浏览器。

When you want OPTIONS responses to be cached, configure CloudFront to forward the following headers: Origin, Access-Control-Request-Headers, and Access-Control-Request-Method.如果您希望缓存 OPTIONS 响应，请将 CloudFront 配置为转发以下标头：Origin、Access-Control-Request-Headers 和 Access-Control-Request-Method。

http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/header-caching.html#header-caching-web-cors http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/header-caching.html#header-caching-web-cors

If you make the change to your CDN for those headers and then invalidate your assets, your rack-cors configuration by itself should work just fine.如果您对这些标头的 CDN 进行更改，然后使您的资产无效，那么您的rack-cors配置本身应该可以正常工作。

# config/initializers/cors.rb

# @note: must be run after initializers/_assets.rb
Rails.application.config.middleware.insert_before 0, Rack::Cors do
  allow do
    origins '*'

    # All asset requests should be to rails prefixed assets paths
    # serverd from the asset pipeline (e.g.: "/assets/*" by default)
    resource "#{Rails.application.config.assets.prefix}/*",
      # Allow any request headers to be sent in the asset request
      # https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Access-Control-Allow-Headers
      headers: :any,
      # All asset fetches should be via GET
      # Support OPTIONS for pre-flight requests
      # https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Preflighted_requests
      methods: [:get, :options]
  end
end

请求的资源上不存在“Access-Control-Allow-Origin”标头？

问题描述

2 个解决方案

解决方案1
1 2016-09-29 09:25:17

解决方案2
1 已采纳 2017-03-01 17:45:47

请求的资源上不存在“Access-Control-Allow-Origin”标头？

问题描述

2 个解决方案

解决方案1 1 2016-09-29 09:25:17

解决方案2 1 已采纳 2017-03-01 17:45:47

解决方案1
1 2016-09-29 09:25:17

解决方案2
1 已采纳 2017-03-01 17:45:47