如何禁用cors？由于某种原因，我对允许的来源和标头进行了通配符转换，但我的ajax请求仍然抱怨我的CORS策略不允许该来源。我的应用程序控制器：class ApplicationController < ActionController::Base  protect_from_forgery  before_filter :current_user, :cors_preflight_check  after_filter :cors_set_access_control_headers# For all responses in this controller, return the CORS access control headers.def cors_set_access_control_headers  headers['Access-Control-Allow-Origin'] = '*'  headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'  headers['Access-Control-Allow-Headers'] = '*'  headers['Access-Control-Max-Age'] = "1728000"end# If this is a preflight OPTIONS request, then short-circuit the# request, return only the necessary headers and return an empty# text/plain.def cors_preflight_check  if request.method == :options    headers['Access-Control-Allow-Origin'] = '*'    headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'    headers['Access-Control-Allow-Headers'] = '*'    headers['Access-Control-Max-Age'] = '1728000'    render :text => '', :content_type => 'text/plain'  endend  private  # get the user currently logged in  def current_user    @current_user ||= User.find(session[:user_id]) if session[:user_id]  end  helper_method :current_userend路线：  match "*all" => "application#cors_preflight_check", :constraints => { :method => "OPTIONS" }  match "/alert" => "alerts#create"  match "/alerts" => "alerts#get"  match "/login" => "sessions#create"  match "/logout" => "sessions#destroy"  match "/register" => "users#create"编辑 - -我也尝试过：   config.middleware.use Rack::Cors do      allow do        origins '*'        resource '*',             :headers => :any,             :methods => [:get, :post, :delete, :put, :options]      end    end在application.rb中-编辑2 ---问题是我认为Chrome扩展程序可能不支持CORS。如何绕过CORS获取信息？我应该如何应对飞行前检查？