运行环境

Ubuntu14.04, Ruby2.4.1, Rails 5.1.4 , passenger-5.1.11

使用阿里云 CDN

出现的问题

在开发环境下：所有资源加载正常。

在生产环境下：www 域名下加载正常，二级域名下 CSS 和 JS 正常，唯独 bootstrap glyphicons 图标不正常，如下图。

浏览器控制台

sign_in:1 Access to Font at 'http://assets.xxx.com/assets/bootstrap/glyphicons-halflings-regular-fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c.woff2' from origin 'http://crm.xxx.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'http://www.xxx.com' that is not equal to the supplied origin. Origin 'http://crm.xxx.com' is therefore not allowed access.

尝试过的解决办法

使用 gem rack-cors

config/application.rb

class Application < Rails::Application
  # CORS
  config.middleware.insert_before 0, Rack::Cors do
    allow do
      origins '*'
      resource '*', :headers => :any, :methods => [:get, :post, :delete, :put, :patch, :options, :head]
    end
  end
end

未果

ApplicationController

class ApplicationController < ActionController::Base
  after_action :access_control_headers
  private
    def access_control_headers
      headers['Access-Control-Allow-Origin'] = "*" 
      headers['Access-Control-Request-Method'] = %w{GET POST OPTIONS}.join(",")
    end
end

未果

在 HTMl 里加

<meta http-equiv="Access-Control-Allow-Origin" content="http://crm.xxx.com"> 

未果

请大家指点一下，谢谢了。

已解决

自己把问题搞复杂了，是阿里云 CDN 配置问题。把 Access-Control-Allow-Origin 设置为*即可。