新手问题 使用 rack-cors 在 production 环境下不能响应 PUT、DELETE

wootaw · 2015年10月21日 · 最后由 wootaw 回复于 2015年10月22日 · 3510 次阅读

在 rails 项目中使用 grape 写 api,使用 rack-cors 在 development 环境下没问题,但到了 production 环境下,所有 PUT、DELETE 请求都是 405,而 PUT、DELETE 请求之前的 OPTIONS 都是 200

在 application.rb 中

config.middleware.insert_before ActionDispatch::Static, Rack::Cors do
  allow do
    origins '*'
    resource '*', :headers => :any, :methods => [:get, :post, :delete, :put, :options]
  end
end

nginx 配置:

upstream my_unicorn {
 server unix:/srv/www/myapp/shared/sockets/unicorn.sock;
}

server {
  listen 80;
  server_name www.mysite.com;

  access_log /var/log/nginx/myapp.access.log;

  root /srv/www/myapp/current/public/;

  location / {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;

    proxy_pass http://my_unicorn;
  }

}

尝试下通过 config.ru 来做

这个错和 CORS 无关,CORS 是浏览器收到 response header 后处理。而你的情况是在这之前就已经 405 了 应该有出错日志的

#1 楼 @42thcoder config.ru 试过,同样不行

in config.ru

require 'rack/cors'
use Rack::Cors do
  allow do
    origins '*'
    resource '*', :headers => :any, :methods => [:get, :post, :delete, :put, :options]
  end
end

#2 楼 @qhwa 好像是 CORS 对于 PUT、DELETE 没有附上头

OPTIONS:

General:

Response Headers

  • Access-Control-Allow-Credentials:true
  • Access-Control-Allow-Headers:accept, content-type
  • Access-Control-Allow-Methods:GET, POST, DELETE, PUT, OPTIONS
  • Access-Control-Allow-Origin:http://other.mysite.com
  • Access-Control-Expose-Headers:
  • Access-Control-Max-Age:1728000
  • Connection:keep-alive
  • Content-Encoding:gzip
  • Content-Type:text/plain
  • Date:Thu, 22 Oct 2015 01:52:26 GMT
  • Server:ASERVER/1.2.9-3
  • Status:200 OK
  • Transfer-Encoding:chunked
  • X-Powered-By-Anquanbao:MISS from chn-wh-cq-se2

Request Headers

  • Accept:/
  • Accept-Encoding:gzip, deflate, sdch
  • Accept-Language:zh-CN,zh;q=0.8,en;q=0.6,zh-TW;q=0.4
  • Access-Control-Request-Headers:accept, content-type
  • Access-Control-Request-Method:DELETE
  • Connection:keep-alive
  • Host:www.mysite.com
  • Origin:http://other.mysite.com
  • Referer:http://other.mysite.com/path
  • User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 - Safari/537.36

DELETE

General:

Response Headers

  • Connection:keep-alive
  • Content-Type:text/html
  • Date:Thu, 22 Oct 2015 01:52:26 GMT
  • Server:ASERVER/1.2.9-3
  • Transfer-Encoding:chunked
  • X-Powered-By-Anquanbao:MISS from chn-wh-cq-se2

Request Headers

  • Accept:application/json, text/plain, /
  • Accept-Encoding:gzip, deflate, sdch
  • Accept-Language:zh-CN,zh;q=0.8,en;q=0.6,zh-TW;q=0.4
  • Connection:keep-alive
  • Content-Length:2
  • Content-Type:application/json
  • Host:www.mysite.com
  • Origin:http://other.mysite.com
  • Referer:http://other.mysite.com/path
  • User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
5 楼 已删除
需要 登录 后方可回复, 如果你还没有账号请 注册新账号