如何测试Rails Rack-Cors Gem在工作
我正在尝试建立一个React -Rails API项目。我添加了gem'rack-cors'并创建了config/initializers/cors.rb文件:
Rails.application.config.middleware.insert_before 0, Rack::Cors do
allow do
origins "http://localhost:3001"
# The React part will be on port 3001 so thats way we add it
# Change it to the production url when going on production
resource "*",
headers: :any,
methods: [:get, :post, :put, :patch, :delete, :options, :head]
end
end
我只想允许端口3001因为那是我的前端的港口。 现在,我想测试这是否实际上在工作并阻止其他请求。
到目前为止,我一直在使用Postman来测试API(必须下载它以与http一起使用)。我认为,由于我仅将过滤器添加到特定端口,因此它会从Postman中阻止请求,但仍在显示API调用中请求的数据。
另外,如果我尝试在浏览器上这样访问:
http://localhost:3000/api/v1/users
它仍在提供数据,除3001外,应将其阻止到每个端口。
为什么会发生?还有其他方法可以仔细检查它是否有效? 注意:我杀死了服务器并再次重新启动,并且它的行为仍然相同
I am trying to build a React - Rails API project. I added gem 'rack-cors' and created the config/initializers/cors.rb file:
Rails.application.config.middleware.insert_before 0, Rack::Cors do
allow do
origins "http://localhost:3001"
# The React part will be on port 3001 so thats way we add it
# Change it to the production url when going on production
resource "*",
headers: :any,
methods: [:get, :post, :put, :patch, :delete, :options, :head]
end
end
I would only like to allow the port 3001 since thats the port my React front-end will be served at.
Now I would like to test if this is actually working and blocking other requests.
Up until now, I have been using Postman to test the API (had to download it to work with http). I thought that because I added the filter to only a specific port, it would block the requests from Postman but it is still showing the data requested in the API call.
Also if I try reaching it like this on the browser:
http://localhost:3000/api/v1/users
It is still giving the data, which should be blocked to every port except 3001.
Why is it happening? Is there any other way to double check if it is working?
NOTE: I killed the server and restarted it again and it is still behaving the same
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
要在本地测试CORS,我找到了此仓库: https://github.com/njgibbon-nicks-bon-nicks-bon-nicks-nicks-bon- CORS检测
只需克隆它,然后单击
html文件,使其在浏览器中打开。默认情况下,它正在调用github api( https://api.github.com )并从那里获取信息。您可以打开控制台并进行检查。如果将其更改为
https://google.com它将施加CORS限制。同样,您可以将其更改为
http:// localhost:3000/api/v1/users(在我的情况下),它将对我现在的配置施加CORS错误。要仔细检查,只需转到
cors.rb,然后putorigins“*”。重新启动应用程序服务器,然后尝试再次运行HTML文件。现在我们不会被阻止。To test CORS locally, I found this repo: https://github.com/njgibbon/nicks-cors-test
Just clone it, and click on the
htmlfile so it opens in your browser. By default it is calling thegithub API(https://api.github.com) and fetching info from there. You can open the console and check it.If you change it to
https://google.comit will throw a CORS restriction.Similarly, you can change it to
http://localhost:3000/api/v1/users(in my case) and it will throw a CORS error with the config I have now.To double-check, just go to
cors.rband putorigins "*". Restart the app server and try running again the html file. Now we won't be blocked.从浏览器(不是来自URL,也不是来自Postman)的API调用。可能是通过Ajax进行测试。
Make an API call from browser (Not from URL and Not from postman). May be through ajax to test.
只是通过添加
解决了它
宝石“架子”,需要:“机架/托架”
添加了刻度后,它有效
just solved it by adding
gem 'rack-cors', require: 'rack/cors'
after adding the require bit it worked
请尝试一下。
如果它返回 https://origin.com ,
try this
if it returns https://ORIGIN.com , it works.