微信公众号搜"智元新知"关注
微信扫一扫可直接关注哦!

ruby-on-rails – 如何使用rails,nginx和乘客配置“Access-Control-Allow-Origin”?

我无法让Access-Control-Allow-Origin显示在Chrome中 – 我的最终目标是使用Rails配置CORS字体,所以它可以与CloudFront一起使用.现在,我只想让它在开发中工作.我可以通过curl看到标题,但不能浏览Chrome.

我使用的是Rails 4.0,我已经尝试过以下所有的…

我已经按照the rack-cors example for rails 4配置了Gemfile和application.rb:

的Gemfile

gem 'rack-cors','~> 0.2.9',require: 'rack/cors'

配置/ application.rb中

config.middleware.insert_before 'Actiondispatch::Static','Rack::Cors' do
    allow do
        origins '*'
        resource '*',:headers => :any,:methods => [:get,:options,:head]
    end
end

导轨控制台

2.0.0-p481 :001 > Rails.env
 => "development"
2.0.0-p481 :002 > Hello::Application.config.serve_static_assets
 => true

庆典

curl -i http://localhost:5000/assets/OpenSans-Regular-webfont.woff

Content-Type: application/font-woff
Content-Length: 22660
Connection: keep-alive
Status: 200 OK
Cache-Control: public,must-revalidate
Last-Modified: Wed,30 Apr 2014 23:51:57 GMT
ETag: "467b34801137bd4031e139839ad86370"
X-Request-Id: c4b07b4d-1c43-44ea-9565-dfda66378f98
X-Runtime: 0.046007
X-Powered-By: Phusion Passenger 4.0.50
Date: Sat,20 Sep 2014 04:39:38 UTC
Server: Nginx/1.6.1 + Phusion Passenger 4.0.50

curl -i -H "Origin: http://localhost:5000" http://localhost:5000/assets/OpenSans-Regular-webfont.woff

Content-Type: application/font-woff
Content-Length: 22660
Connection: keep-alive
Status: 200 OK
Cache-Control: public,30 Apr 2014 23:51:57 GMT
ETag: "467b34801137bd4031e139839ad86370"
Access-Control-Allow-Origin: http://localhost:5000   # adding
Access-Control-Allow-Methods: GET,OPTIONS,HEAD     # -H
Access-Control-Max-Age: 1728000                      # produced
Access-Control-Allow-Credentials: true               # these
vary: Origin                                         # headers
X-Request-Id: b9666f30-416d-4b5b-946a-bdd432bc191c
X-Runtime: 0.050420
X-Powered-By: Phusion Passenger 4.0.50
Date: Sat,20 Sep 2014 03:45:30 UTC
Server: Nginx/1.6.1 + Phusion Passenger 4.0.50

Chrome(v37)开发工具>网络> OpenSans-Regular-webfont.woff>标题>回应标题

HTTP/1.1 304 Not Modified
Connection: keep-alive
Status: 304 Not Modified
Cache-Control: no-cache
X-Request-Id: ac153b8c-e0cb-489d-94dd-90aacc10d715
X-Runtime: 0.116511
X-Powered-By: Phusion Passenger 4.0.50
Date: Sat,20 Sep 2014 03:41:53 UTC
Server: Nginx/1.6.1 + Phusion Passenger 4.0.50

我也尝试了以下替代方案:根据various sources

config.middleware.insert_before 'Actiondispatch::Static','Rack::Cors' do
config.middleware.insert_after Rails::Rack::Logger,Rack::Cors do
config.middleware.insert_before Warden::Manager,Rack::Cors do
config.middleware.insert 0,Rack::Cors do
config.middleware.use Rack::Cors do

我也尝试过以下的application.rb,根据How to Display FontAwesome in Firefox Using Rails and CloudFront

config.assets.header_rules = {
  :global => {'Cache-Control' => 'public,max-age=31536000'},:fonts  => {'Access-Control-Allow-Origin' => '*'}
}

我还在config.ru中尝试了以下内容,按照CloudFront CDN with Rails on Heroku

require 'rack/cors'
use Rack::Cors do
    allow do
        origins '*'
        resource '*',:methods => :get 
    end 
end

捆绑exec rake中间件

use Rack::Cors
use Rack::Sendfile
use Actiondispatch::Static
use Rack::Lock
use #

我也试过font_assets无效.

最佳答案
服务器行让我想起Rails可能没有处理这些资产,而是由Nginx处理:

这意味着标题必须由Nginx添加,而不是Rails,因此我们需要配置Nginx.事实证明,the ability to configure nginx is possible as of Passenger 4.0.39 – (here is the corresponding Git diff).相应的文档可在Passenger Standalone,under Advanced configuration中找到.

文档中的一个重要注意事项:原始配置模板文件可能会不时更改,例如因为新功能被引入Phusion乘客.如果您的配置模板文件不包含所需的更改,则这些新功能可能无法正常工作.在最坏的情况下,Standalone甚至可能会发生故障.因此,每次升级Phusion Passenger时,应检查原始配置模板文件是否已更改,并将任何更改合并到自己的文件中.

关于该注意事项,除了可自定义配置文件副本之外,还可以创建一个“原始”副本,您可以在升级Passenger时进行差异化.

庆典

cp $(passenger-config about resourcesdir)/templates/standalone/config.erb config/Nginx.conf.erb
cp config/Nginx.conf.erb config/Nginx.conf.erb.original

接下来,将–Nginx-config-template config / Nginx.conf.erb添加procfile中的Web行.

procfile

web: bundle exec passenger start -p $PORT --max-pool-size 3 --Nginx-config-template config/Nginx.conf.erb

配置/ Nginx.conf.erb

接下来,通过查找如下所示的块来编辑配置文件config / Nginx.conf.erb:

    location @static_asset {
        gzip_static on;
        expires max;
        add_header Cache-Control public;
        add_header ETag "";
    }

…并添加两个访问控制行:

    location @static_asset {
        gzip_static on;
        expires max;
        add_header Cache-Control public;
        add_header ETag "";
        add_header Access-Control-Allow-Origin *;
        add_header Access-Control-Request-Method *;
    }

而已.这将在生产中工作,但不在开发中,由于两者之间的config.assets差异.

配置差异

差异现在不应该返回任何东西,但是如果将来对乘客的更新包含对此文件的更改,您将会知道.

diff $(passenger-config about resourcesdir)/templates/standalone/config.erb config/Nginx.conf.erb.original

Nginx文档

> http://nginx.org/en/docs/beginners_guide.html
> http://nginx.org/en/docs/http/ngx_http_core_module.html#location

未来的改进

>限制允许来源
>限制请求方法
>将两个标题限制为仅字体

版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。

相关推荐