我想限制在heroku上托管的rails后端仅接受来自我前端的CORS请求。
这是我的cors.rb:
allow do
origins 'https://seanhetzel.github.io/adventure_archive_frontend'
resource '*',
headers: :any,
methods: [:get, :post, :put, :patch, :delete, :options, :head]
end
end
但是,当我提供前端域时,它被阻止并抛出此错误:
index.html:1 Access to fetch at 'https://dry-sands-78217.herokuapp.com/api/v1/sites' from origin 'https://seanhetzel.github.io' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
我查看了https://github.com/cyu/rack-cors/wiki/Origins-examples的文档。
我不是以正确的格式提供域吗?提取请求有问题吗?
答案 0 :(得分:0)
您的原始路径不正确。原始路径必须是网站根目录的绝对URL路径。
所以替换:
origins 'https://seanhetzel.github.io/adventure_archive_frontend'
与:
origins 'https://seanhetzel.github.io'