CORS 来源设置不生效

支持
1

I want to embed the latest updates from our community on my website:

To accomplish this, I am trying to access the latest.json and will parse that appropriately and embed on my site:

I went to admin and setup the CORS origins:

20
Bildschirmfoto 2019-01-08 um 15.32.20.png1958×824 111 KB

I even updated app.yml with the following lines and rebuild the whole thing:
DISCOURSE_ENABLE_CORS: true
DISCOURSE_CORS_ORIGIN: ‘https://www.schulminator.com/
I don’t know if this is needed but it does work with this setting or without.

But still same issue as you check on this site:

Access to XMLHttpRequest at ‘https://community.schulminator.com/latest.json’ from origin ‘https://www.schulminator.com’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

I am really stuck here…

3 个赞
2

Same problem here
Has someone been able to get it work?

3 个赞
3

如果任何人遇到类似的 CORS 配置问题,请检查是否已移除链接末尾的斜杠。这是一个愚蠢的错误,却浪费了我几个小时的时间。:sweat_smile:

5 个赞
4

我认为 CORS 设置提示确实应该更加明确:

当前文本

跨域请求(CORS)允许的源。每个源必须包含 http:// 或 https://。必须将 DISCOURSE_ENABLE_CORS 环境变量设置为 true 以启用 CORS。

草案提议

跨域请求(CORS)允许的源。每个源必须包含 http:// 或 https:// 且不得包含尾部斜杠。必须将 DISCOURSE_ENABLE_CORS 环境变量设置为 true 以启用 CORS。

顺便问一下,针对此类问题该如何提交 PR?是只需修改英文本地化文件 此处,而翻译工作由其他平台(例如 Transifex)管理,还是 PR 中也需要包含翻译内容?

2 个赞
5

如果末尾斜杠是个问题,我们的代码应该自动将其移除 @sam

6 个赞
7

@vinothkannans 能否修改一下,让这里自动去除末尾的斜杠?

3 个赞
8

此问题已在以下 PR 中修复:

4 个赞