Rails, No 'Access-Control-Allow-Origin' header is present on the requested resource

问题

I have apps on Angular, which uses the server Ruby on Rails/oAuth backend. When registering a user in the console, I get these errors.

POST*.herokuapp.com/api/users 500 (Internal Server Error)  *.herokuapp.com/api/users:1 
Failed to load *.herokuapp.com/api/users: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin '*.herokuapp.com' is therefore not allowed access. The response had HTTP status code 500.   /registration:1 

{
 "isTrusted": true     /auth.ts:95
}

And other errors that occur

{"error":"invalid_grant","error_description":"The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."}
Error: Uncaught (in promise): {"error":"invalid_grant","error_description":"The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."}

Here is my application.rb

 require_relative 'boot'
 require 'rails/all'

 # Require the gems listed in Gemfile, including any gems
 # you've limited to :test, :development, or :production.
 Bundler.require(*Rails.groups)

 module Dkeeper
   class Application < Rails::Application
     config.middleware.use Rack::Cors do
       allow do
         origins '*'
         resource '*', headers: :any, methods: [:get, :post, :put, :patch, :delete, :options, :head]
       end
     end
   end
 end

Here user_controller.rb

class Api::UsersController < ApiController
before_action :find_user, only: [:show, :update, :destroy]

def index
  @users = User.all

if @users.count(:all) > 0
  render
else
  render json: { message: 'No Users Found' }, status: 200
end
end

def show
 render
end

def create
@user = User.new(user_params)

if @user.save
  origin = request.headers['origin']
  ApplicationMailer.registration_confirmation(@user, origin).deliver
  render :show, status: :ok
else
  render json: {
    message: 'Registration failed',
    errors: @user.errors.full_messages
  }, status: 422
end
end

def update
if @user.update(user_params)
  render :show
else
  render json: {
    message: 'Could not update profile',
    errors: @user.errors.full_messages
  }, status: 422
end
end

def destroy
if @user.destroy
  render
else
  render json: {
    message: 'Could not delete user',
    errors: @user.errors.full_messages
  }, status: 422
end
end

def confirm_email
user = User.find_by_confirm_token(params[:id])
if user
  user.update_attribute(:email_confirmed, true)
  render json: {
    message: 'Email address has already confirmed',
    errors: user.errors.full_messages
  }, status: 200
else
  render json: {
    message: 'Email confirmation failed'
  }, status: 422
end
end

private

def user_params
  params.require(:user).permit(:email, :first_name, :last_name, :password, :password_confirmation)
end

def find_user
  @user = User.find(params[:id])
end

end

When I log in, the user is added to the database, but I get an error in the console.

Thank you for any help.

回答1:

This is a CORS error. You need to enable CORS on the server side and past the correct headers on the client side. Also google "Same Origin Policy"

来源：https://stackoverflow.com/questions/51280909/rails-no-access-control-allow-origin-header-is-present-on-the-requested-resou