英文:
How can I fix the 'CORS policy' error I'm getting while trying to run my React-admin app on Rails 6 and ActiveStorage?
问题
I am using Rails 6 和 ActiveStorage to store files on S3. 我在尝试运行我的 react-admin 应用时遇到了一个 CORS 错误。我的 react-admin 前端显示的错误信息如下:
从来源 'http://my-react-admin-app.com' 尝试访问 'https://my-backend.com' 的请求已被 CORS 策略阻止:预检请求的响应未通过访问控制检查:所请求的资源上没有 'Access-Control-Allow-Origin' 标头。如果不透明的响应符合您的需求,请将请求的模式设置为 'no-cors',以在禁用 CORS 的情况下获取资源。
fetch.js:50 GET https://my-backend.com/data?_end=100&_order=ASC&_sort=id&_start=0&locale=en net::ERR_FAILED.
我已经为我的存储桶设置了以下 CORS 策略(但仍然不起作用):
[
{
"AllowedHeaders": [
"*"
],
"AllowedMethods": [
"HEAD",
"GET",
"PUT",
"POST",
"DELETE"
],
"AllowedOrigins": [
"*"
],
"ExposeHeaders": [
"X-Total-Count"
]
}
]
有什么指导意见吗?请注意:当我在本地运行一切时,一切都按预期工作。
我的 Gemfile 包含:
gem "rails", "~> 6.0.0"
gem "aws-sdk-s3", require: false
gem "rack-cors", "~> 1.0.3"
我的 cors.rb 文件内容如下:
Rails.application.config.middleware.insert_before 0, Rack::Cors do
allow do
origins "*"
resource "*",
headers: :any,
methods: [:get, :post, :put, :delete, :options],
expose: "X-Total-Count"
end
end
英文:
Im making use of Rails 6 and ActiveStorage to store files on S3.
I get a CORS error when I try to run my react-admin app.
Error message from my react-admin front end:
Access to fetch at 'https://my-backend.com' from origin 'http://my-react-admin-app.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
fetch.js:50 GET https://my-backend.com/data?_end=100&_order=ASC&_sort=id&_start=0&locale=en net::ERR_FAILED.
I have set up CORS policy for my bucket as follows (and it still wont work):
[
{
"AllowedHeaders": [
"*"
],
"AllowedMethods": [
"HEAD",
"GET",
"PUT",
"POST",
"DELETE"
],
"AllowedOrigins": [
"*"
],
"ExposeHeaders": [
"X-Total-Count"
]
}
]
Any pointers? - NOTE: everything works as it should when I run everything locally.
My gemfile has:
gem "rails", "~> 6.0.0"
gem "aws-sdk-s3", require: false
gem "rack-cors", "~> 1.0.3"
My cors.rb:
Rails.application.config.middleware.insert_before 0, Rack::Cors do
allow do
origins "*"
resource "*",
headers: :any,
methods: [:get, :post, :put, :delete, :options],
expose: "X-Total-Count"
end
end
答案1
得分: 1
错误看起来是由于服务器(Rails后端)上的CORS设置引起的,而不是S3。这可能是因为Rails后端没有提供请求资源中应该存在的'Access-Control-Allow-Origin'标头。
解决此问题需要遵循多个步骤。确保在进行以下每个更改后重新启动Rails服务器。
- 确保Rails服务器配置中的CORS设置正确(
config/application.rb文件或config/initializers/cors.rb)。你的cors.rb看起来没问题,但请检查它是否位于config/initializers路径下,并且Rails应用程序是否正确地引用它。
如果错误仍然存在,然后:
- 尝试在
config/application.rb中添加以下设置:(注意:用实际的前端域名替换http://react-app.com。)
module YourAppName
class Application < Rails::Application
# To initialize configuration defaults for originally generated Rails version
config.load_defaults 6.0
# Rest of the code
# To configure CORS
config.middleware.insert_before 0, Rack::Cors do
allow do
origins 'http://react-app.com'
resource '*',
headers: :any,
methods: [:get, :post, :put, :patch, :delete, :options, :head],
expose: ['X-Total-Count']
end
end
end
end
如果错误仍然存在,然后:
- 检查是否有代理或其他可以覆盖CORS设置的服务器设置。检查Nginx或Apache之类的Web服务器是否没有剥离CORS标头。
如果错误仍然存在,然后:
- 确保在Rails配置的
config.hosts列表中列出了React应用程序的域名(特别是如果你使用的是Rails 6)。
如果错误仍然存在,然后:
- 如果你的API在不同路径下提供服务,请将该路径添加到
resources语句中,如resource 'api/*'。
希望这能解决你的问题。
英文:
As I can see the error is due to CORS settings on the server (Rails backend) not with S3. This can be because 'Access-Control-Allow-Origin' header is not present in the request resource that should be provided by Rails backend.
There are multiple steps you have to follow to solve this issue. Make sure to restart Rails server after making each of the following changes.
- Ensure that CORS settings are correct in Rails server configuration (
config/application.rbfile orconfig/initializers/cors.rb). Yourcors.rblooks fine but check whether it is located inconfig/initializerspath and Rails application is picking it up correctly.
If error still persist, then:
-
Try adding the following settings to
config/application.rbas follows: (Note: Replacehttp://react-app.comwith actual frontend domain name.)module YourAppName
class Application < Rails::Application
# To initialize configuration defaults for originally generated Rails version
config.load_defaults 6.0# Rest of the code # To configure CORS config.middleware.insert_before 0, Rack::Cors do allow do origins 'http://react-app.com' resource '*', headers: :any, methods: [:get, :post, :put, :patch, :delete, :options, :head], expose: ['X-Total-Count'] end endend
end
If error still persist, then:
- Check for any proxies or any other server settings that can override your CORS settings. Check whether web server like Nginx or Apache is not stripping out CORS headers.
If error still persist, then:
- Make sure domain of React App is listed in the
config.hostslist in Rails configuration (especially if you are using Rails 6).
If error still persist, then:
- If you are serving your aPI under a different path, then add the path to the
resourcesstatement asresource 'api/*
Hope this will solve your issue.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论