CORS RESTサーバーと、そのURLを呼び出すJSコードを含むいくつかのページを開発しました。
JSページをリファクタリングすることにしましたが、サーバーへのDELETEajaxリクエストが機能しなくなりました。リファクタリングの一部には、からhttp://localhost/devに渡されるURLが含まれますhttp://dev.local。リクエストの許可されたオリジンに新しいURLを追加しましたが、実際、GETルートは問題なく機能します。
DELETE代わりに、現在は許可されておらず(プリフライトでは403)、どこに間違いがあるのかわかりません。
ここで、開発者の観点からのOPTIONSandDELETEダンプ:
Request URL:http://localhost:9292/users/101
Request Method:OPTIONS
Status Code:200 OK
Request Headers
Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:origin, accept
Access-Control-Request-Method:DELETE
Cache-Control:no-cache
Connection:keep-alive
Host:localhost:9292
Origin:http://dev.local
Pragma:no-cache
Referer:http://dev.local/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
Response Headers
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:origin, accept
Access-Control-Allow-Methods:PUT, OPTIONS, DELETE, GET, POST
Access-Control-Allow-Origin:http://dev.local
Access-Control-Expose-Headers:Content-Type
Access-Control-Max-Age:1728000
Connection:close
Content-Type:text/plain
Server:thin 1.3.1 codename Triple Espresso
「Forbidden」を含むペイロードで応答します。ここでのDELETE要件:
Request URL:http://localhost:9292/users/101
Request Method:DELETE
Status Code:403 Forbidden
Request Headers
DELETE /users/101 HTTP/1.1
Host: localhost:9292
Connection: keep-alive
Cache-Control: no-cache
Origin: http://dev.local
Pragma: no-cache
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
Accept: application/json, text/javascript, */*; q=0.01
Referer: http://dev.local/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fbsr_348362375211512=r2WOBYNXrmyP6lKJ7JVAnlU9gfLjela8jRSarGHvQ-M.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImNvZGUiOiJBUURSRDhOckJ2YnI0MlFLTk5vblhiOGNVcjVXTFpHTDNMcVBjYl9PXzFqd3hKS0tlWFZ1cFVVMi03OXNxOU1BcjFGV2RxTzVtV0RSTllXbkxKcndUQmtZOFpMS3VmeWt0b05xU3ctVzdqNk4zVHBFQVZOM3ZlRzFKeW5lRWpiRkxSdXlPNHpGMDNVd255RFZqZ0xOdHQwMTJCUWVvb0NSR1ZSTVUtQkVhS1ZtaGtKZGdKck5RSDUwWHhQVW5wT1MyY0EiLCJpc3N1ZWRfYXQiOjEzNDY0MjUyMzgsInVzZXJfaWQiOiIxMDI5MDk2MTIzIn0; oauth2-token=; rack.session=BAh7CUkiD3Nlc3Npb25faWQGOgZFRiJFNTc3ZTMxZGZjNWUxYWNhZDU3NWUw%0ANjJkMDBkMDRiNmMxOWI0ODE5Yjk5YjMwMWI3YTMyOTM1ZjVmZWMyMGY1ZEki%0ADXRyYWNraW5nBjsARnsISSIUSFRUUF9VU0VSX0FHRU5UBjsARiItZGY1ZDgz%0AMzMyYTg4ZjBkNGY1ZGU0MGNjNzljMDhkNTUzZDJkMjkxNUkiGUhUVFBfQUND%0ARVBUX0VOQ09ESU5HBjsARiItZWQyYjNjYTkwYTRlNzIzNDAyMzY3YTFkMTdj%0AOGIyODM5Mjg0MjM5OEkiGUhUVFBfQUNDRVBUX0xBTkdVQUdFBjsARiItY2M5%0AZjZmZWM2NTJhNDI1OGJjNmQyOTI4NzA1MjE3OWFiMWUwZDE0N0kiB2lkBjsA%0ARmlqSSIObG9nZ2VkX2luBjsARlQ%3D%0A--c1a452275c10bd0ebe0e21fe7925d1fe7349c46f
Response Headers
HTTP/1.1 403 Forbidden
X-Frame-Options: sameorigin
Content-Type: text/plain
Set-Cookie: rack.session=BAh7CkkiD3Nlc3Npb25faWQGOgZFRiJFNTc3ZTMxZGZjNWUxYWNhZDU3NWUw%0ANjJkMDBkMDRiNmMxOWI0ODE5Yjk5YjMwMWI3YTMyOTM1ZjVmZWMyMGY1ZEki%0ADXRyYWNraW5nBjsARnsISSIUSFRUUF9VU0VSX0FHRU5UBjsARiItZGY1ZDgz%0AMzMyYTg4ZjBkNGY1ZGU0MGNjNzljMDhkNTUzZDJkMjkxNUkiGUhUVFBfQUND%0ARVBUX0VOQ09ESU5HBjsARiItZWQyYjNjYTkwYTRlNzIzNDAyMzY3YTFkMTdj%0AOGIyODM5Mjg0MjM5OEkiGUhUVFBfQUNDRVBUX0xBTkdVQUdFBjsARiItY2M5%0AZjZmZWM2NTJhNDI1OGJjNmQyOTI4NzA1MjE3OWFiMWUwZDE0N0kiB2lkBjsA%0ARmlqSSIObG9nZ2VkX2luBjsARlRJIgljc3JmBjsARiJFNWRjMjdjZThkNTM0%0ANWFhMTU3OGQ2ZDk3NGJjYjZjZGMzMzEwOTFiNTg5OTk1YTMyYTYxOTMzMTgy%0AMTU0N2E2ZA%3D%3D%0A--578809491df1629d183c98a530ccbcf925000b6e; path=/; HttpOnly
Access-Control-Allow-Origin: http://dev.local
Access-Control-Allow-Methods: PUT, OPTIONS, DELETE, GET, POST
Access-Control-Expose-Headers: Content-Type
Access-Control-Max-Age: 1728000
Access-Control-Allow-Credentials: true
Vary: Origin
Connection: close
Server: thin 1.3.1 codename Triple Espresso
問題を特定するためのアイデアや提案はありますか?
ありがとう、ダリオ。