Clever Geek Handbook

The requested resource does not have an "Access-Control-Allow-Origin" header. Google font

I am trying to use google font in my rails app, but I am getting this message in my console and the font is not loading.

XMLHttpRequest cannot load http://fonts.googleapis.com/css?family=Open+Sans . The requested resource does not have an "Access-Control-Allow-Origin" header. Origin ' https://pre.blabloo.com ' is therefore not allowed.

I got the same error on my localhost: 3000. I add the following code to my application helper, but I still get the error.

after_filter :set_access_control_headers

def set_access_control_headers 
    headers['Access-Control-Allow-Origin'] = '*'  
    headers['Access-Control-Request-Method'] = '*' 
end

or

after_filter :set_access_control_headers

def set_access_control_headers 
    headers['Access-Control-Allow-Origin'] = 'https://pre.blabloo.com'  
    headers['Access-Control-Request-Method'] = '*' 
end

But nothing happens

Any help please.

UPDATE

I've also tried the gem of the rack:

In my config / application:

config.middleware.insert_before "ActionDispatch::Static", "Rack::Cors" do
      allow do
        origins 'http://localhost:3000'
        resource '*', :headers => :any, :methods => [:get, :post, :options]
      end
    end

But that won't work. Now I have another cross-posting issue with youtube.

+3


source to share


3 answers


I cannot solve the problem with any "Access-Control-Allow-Origin" configuration, so I decided to upload the font to the server.



Anyway, thanks for your help.

0


source


I would add it like this to your application.rb

config.action_dispatch.default_headers = {
    'Access-Control-Allow-Origin' => '*',
    'Access-Control-Request-Method' => %w{GET POST OPTIONS}.join(",") # or whatever else you would like to allow
}


works for me.

+1


source


I tried to reproduce your problem and it worked for me with the following location and stylesheet_link_tag

:

<!DOCTYPE html>
<html>
<head>
  <title>SoAccessControl</title>
  <%= stylesheet_link_tag    'application', media: 'all', 'data-turbolinks-track' => true %>
  <%= stylesheet_link_tag    'application', 'http://fonts.googleapis.com/css?family=Open+Sans' %>
  <%= javascript_include_tag 'application', 'data-turbolinks-track' => true %>
  <%= csrf_meta_tags %>
</head>
<body>

<%= yield %>

</body>
</html>

I set the correct one font-family

in my stylesheet and it worked. After that, I tried to set the headers. And it worked:

class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception

  after_filter :set_cors

  def set_cors
    headers['Access-Control-Allow-Origin'] = 'https://example.com'
    headers['Access-Control-Request-Method'] = '*'
  end
end

Here's the check: verify

0


source






More articles:


All Articles