我无法让Access-Control-Allow-Origin显示在Chrome中 – 我的最终目标是使用Rails配置CORS字体,所以它可以与CloudFront一起使用.现在,我只想让它在开发中工作.我可以通过curl看到标题,但不能浏览Chrome.
我使用的是Rails 4.0,我已经尝试过以下所有的…
我已经按照the rack-cors example for rails 4配置了Gemfile和application.rb:
的Gemfile
gem 'rack-cors','~> 0.2.9',require: 'rack/cors'
配置/ application.rb中
config.middleware.insert_before 'ActionDispatch::Static','Rack::Cors' do
allow do
origins '*'
resource '*',:headers => :any,:methods => [:get,:options,:head]
end
end
导轨控制台
2.0.0-p481 :001 > Rails.env
=> "development"
2.0.0-p481 :002 > Hello::Application.config.serve_static_assets
=> true
庆典
curl -i http://localhost:5000/assets/OpenSans-Regular-webfont.woff
Content-Type: application/font-woff
Content-Length: 22660
Connection: keep-alive
Status: 200 OK
Cache-Control: public,must-revalidate
Last-Modified: Wed,30 Apr 2014 23:51:57 GMT
ETag: "467b34801137bd4031e139839ad86370"
X-Request-Id: c4b07b4d-1c43-44ea-9565-dfda66378f98
X-Runtime: 0.046007
X-Powered-By: Phusion Passenger 4.0.50
Date: Sat,20 Sep 2014 04:39:38 UTC
Server: Nginx/1.6.1 + Phusion Passenger 4.0.50
curl -i -H "Origin: http://localhost:5000" http://localhost:5000/assets/OpenSans-Regular-webfont.woff
Content-Type: application/font-woff
Content-Length: 22660
Connection: keep-alive
Status: 200 OK
Cache-Control: public,30 Apr 2014 23:51:57 GMT
ETag: "467b34801137bd4031e139839ad86370"
Access-Control-Allow-Origin: http://localhost:5000 # adding
Access-Control-Allow-Methods: GET,OPTIONS,HEAD # -H
Access-Control-Max-Age: 1728000 # produced
Access-Control-Allow-Credentials: true # these
Vary: Origin # headers
X-Request-Id: b9666f30-416d-4b5b-946a-bdd432bc191c
X-Runtime: 0.050420
X-Powered-By: Phusion Passenger 4.0.50
Date: Sat,20 Sep 2014 03:45:30 UTC
Server: Nginx/1.6.1 + Phusion Passenger 4.0.50
Chrome(v37)开发工具>网络> OpenSans-Regular-webfont.woff>标题>回应标题
HTTP/1.1 304 Not Modified
Connection: keep-alive
Status: 304 Not Modified
Cache-Control: no-cache
X-Request-Id: ac153b8c-e0cb-489d-94dd-90aacc10d715
X-Runtime: 0.116511
X-Powered-By: Phusion Passenger 4.0.50
Date: Sat,20 Sep 2014 03:41:53 UTC
Server: Nginx/1.6.1 + Phusion Passenger 4.0.50
我也尝试了以下替代方案:根据various sources:
config.middleware.insert_before 'ActionDispatch::Static','Rack::Cors' do
config.middleware.insert_after Rails::Rack::Logger,Rack::Cors do
config.middleware.insert_before Warden::Manager,Rack::Cors do
config.middleware.insert 0,Rack::Cors do
config.middleware.use Rack::Cors do
我也尝试过以下的application.rb,根据How to Display FontAwesome in Firefox Using Rails and CloudFront:
config.assets.header_rules = {
:global => {'Cache-Control' => 'public,max-age=31536000'},:fonts => {'Access-Control-Allow-Origin' => '*'}
}
我还在config.ru中尝试了以下内容,按照CloudFront CDN with Rails on Heroku
require 'rack/cors'
use Rack::Cors do
allow do
origins '*'
resource '*',:methods => :get
end
end
捆绑exec rake中间件
use Rack::Cors
use Rack::Sendfile
use ActionDispatch::Static
use Rack::Lock
use #
我也试过font_assets无效.
这意味着标题必须由Nginx添加,而不是Rails,因此我们需要配置Nginx.事实证明,the ability to configure nginx
is possible as of Passenger 4.0.39 – (here is the corresponding Git diff).相应的文档可在Passenger Standalone,under Advanced configuration中找到.
文档中的一个重要注意事项:原始配置模板文件可能会不时更改,例如因为新功能被引入Phusion乘客.如果您的配置模板文件不包含所需的更改,则这些新功能可能无法正常工作.在最坏的情况下,Standalone甚至可能会发生故障.因此,每次升级Phusion Passenger时,应检查原始配置模板文件是否已更改,并将任何更改合并到自己的文件中.
关于该注意事项,除了可自定义的配置文件副本之外,还可以创建一个“原始”副本,您可以在升级Passenger时进行差异化.
庆典
cp $(passenger-config about resourcesdir)/templates/standalone/config.erb config/Nginx.conf.erb
cp config/Nginx.conf.erb config/Nginx.conf.erb.original
接下来,将–Nginx-config-template config / Nginx.conf.erb添加到Procfile中的Web行.
Procfile
web: bundle exec passenger start -p $PORT --max-pool-size 3 --Nginx-config-template config/Nginx.conf.erb
配置/ Nginx.conf.erb
接下来,通过查找如下所示的块来编辑配置文件config / Nginx.conf.erb:
location @static_asset {
gzip_static on;
expires max;
add_header Cache-Control public;
add_header ETag "";
}
…并添加两个访问控制行:
location @static_asset {
gzip_static on;
expires max;
add_header Cache-Control public;
add_header ETag "";
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Request-Method *;
}
而已.这将在生产中工作,但不在开发中,由于两者之间的config.assets差异.
配置差异
差异现在不应该返回任何东西,但是如果将来对乘客的更新包含对此文件的更改,您将会知道.
diff $(passenger-config about resourcesdir)/templates/standalone/config.erb config/Nginx.conf.erb.original
Nginx文档
> http://nginx.org/en/docs/beginners_guide.html
> http://nginx.org/en/docs/http/ngx_http_core_module.html#location
未来的改进