我在 heroku 有一个sinatra应用程序,无法成功
get '/fdsfdsfd' do
uri = URI.parse('https://fdsfdsfds')
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
req = Net::HTTP::Get.new(uri.request_uri)
res = http.request(req)
# headers['Access-Control-Allow-Origin'] = '*'
# headers['Access-Control-Allow-Methods'] = "GET, POST, PUT, DELETE, OPTIONS"
# headers['Access-Control-Allow-Headers'] ="accept, authorization, origin"
response['Access-Control-Allow-Origin'] = '*'
response['Access-Control-Allow-Methods'] = "GET, POST, PUT, DELETE, OPTIONS"
response['Access-Control-Allow-Headers'] ="accept, authorization, origin"
res.body
end
检查回复时,会看到标题Access-Control-Allow-Origin存在,但尚未从我的javascript脚本发出ajax请求,我收到错误:
XMLHttpRequest cannot load `https://fdsfdsfds`.
Response to preflight request doesn't pass access control check:
No 'Access-Control-Allow-Origin' header is present on the requested resource.
也许这是heroku的问题?或者我做错了什么?
更新:
这是curl(部分)的日志:
> GET /something HTTP/1.1
> User-Agent: curl/7.35.0
> Host: something.com
> Accept: */*
>
< HTTP/1.1 200 OK
< Connection: keep-alive
< Content-Type: text/html;charset=utf-8
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
< Access-Control-Allow-Headers: accept, authorization, origin
< Content-Length: 2638
< X-Xss-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
* Server WEBrick/1.3.1 (Ruby/2.2.4/2015-12-16) is not blacklisted
< Server: WEBrick/1.3.1 (Ruby/2.2.4/2015-12-16)
< Date: Fri, 26 Feb 2016 12:51:09 GMT
< Via: 1.1 vegur
<
....body