ruby-on-rails - Rails3 和 NginX CORS header

Question

我有一个通过 NginX 托管的 Rails3 应用程序，它提供了一个支持跨源资源共享 (CORS) 的 JSON API。 相关 header 应通过 NginX 添加，而不是通过 Rails 应用程序添加。

因此我在 routes.rb 中添加了一个捕捉器来获取 OPTIONS 预检请求:

match "*options", controller: "application", action: "options", constraints: { method: "OPTIONS" }

然后我将相应的端点添加到我的应用程序 Controller :

def options
  render :text => "", :layout => false
end

有效。现在我想为我的 NginX 提供一个开放的 CORS 配置:

    server {
            listen 80;
            server_name localhost;
            passenger_enabled on;
            root /home/deployer/apps/fooapp/current/public;

            location /v1 {
                    if ($request_method = 'OPTIONS') {
                            add_header 'Access-Control-Allow-Origin' '*';
                            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
                            add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-FooApp-Auth-Token';
                            add_header 'Access-Control-Max-Age' 1728000;
                            add_header 'Content-Type' 'text/plain charset=UTF-8';
                            add_header 'Content-Length' 0;
                            return 200;
                    }
                    if ($request_method = 'POST') {
                            add_header 'Access-Control-Allow-Origin' '*';
                            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
                            add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-FooApp-Auth-Token';
                    }
                    if ($request_method = 'GET') {
                            add_header 'Access-Control-Allow-Origin' '*';
                            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
                            add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-FooApp-Auth-Token';
                    }
            }
    }

太好了，OPTIONS 请求现在在响应中包含了所有需要的 header :

curl -i -H'Accept: application/json' -H'Content-Type: application/json' -XOPTIONS 'http://api.fooapp.net/v1/api_session' -d'{"user":{"email":"demo@fooapp.net", "password":"somepassword"}}'

HTTP/1.1 200 OK
Server: nginx/1.2.3
Date: Sun, 02 Sep 2012 11:04:28 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-FooApp-Auth-Token
Access-Control-Max-Age: 1728000
Content-Type: text/plain charset=UTF-8
Content-Length: 0

但是一个真正的 POST 请求现在失败并返回 404:

curl -i -H'Accept: application/json' -H'Content-Type: application/json' -XPOST 'http://api.fooapp.net/v1/api_session' -d'{"user":{"email":"demo@fooapp.net", "password":"somepassword"}}'

HTTP/1.1 404 Not Found
Server: nginx/1.2.3
Date: Sun, 02 Sep 2012 11:06:19 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.2.3</center>
</body>
</html>

它必须这样做，因为 NginX 日志说:

2012/09/02 13:06:19 [error] 2464#0: *3 open() "/home/deployer/apps/fooapp/current/public/v1/api_session" failed (2: No such file or directory), client: 127.0.0.1, server: localhost, request: "POST /v1/api_session HTTP/1.1", host: "api.fooapp.net"

我是 NginX 的新手，我知道这是一个非常开放且非常轻量级的配置。我不明白为什么 NginX 会尝试通过公共(public)路由这些请求，以便不请求底层的 Rails 应用程序。我必须如何更改配置，以便我的所有请求都像以前一样传递到应用程序，但仍然添加了 CORS header ？

提前致谢

菲利克斯

Answer 1

这有点晚了，但由于我刚遇到同样的问题，它可能会对其他人有所帮助。

您需要在位置 block 内启用乘客

location /{
     ...
     passenger_enabled on;
     ...
 }

希望对您有所帮助。