Nginx / php fpm CORS请求无法通过

时间:2013-05-27 15:16:44

标签: php angularjs nginx cors

我一直在寻找nginx中的CORS请求conf并且达到了这个配置:

server {
listen      80;
server_name apibackend;
root        /mnt/www/apibackend/public;
access_log  /var/log/nginx/apibackend.access.log;
error_log   /var/log/nginx/apibackend.error.log;

# serve static files directly
location ~* \.(jpg|jpeg|gif|css|png|js|ico|html)$ {
    access_log off;
    expires max;
}

location /{
    index  index.html index.htm index.php; #try static .html file first
    try_files $uri $uri/ /index.php?q=$uri&$args;
} 

# catch all
error_page      404 /index.php;

location ~ \.php$ {
    add_header 'Access-Control-Allow-Origin' "*";
    add_header 'Access-Control-Allow-Credentials' 'true';
    add_header 'Access-Control-Max-Age' 1728000;
    add_header 'Access-Control-Allow-Methods' 'GET, POST, UPDATE, DELETE, OPTIONS';
    add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since';
    add_header 'Content-Length' 0;
    add_header 'Content-Type' 'text/plain charset=UTF-8';

    include                             /etc/nginx/fastcgi_params;
    fastcgi_index                       index.php;
    fastcgi_pass                        127.0.0.1:9000;
    fastcgi_split_path_info             ^(.+\.php)(/.+)$;
    fastcgi_param PATH_INFO             $fastcgi_path_info;
    fastcgi_param PATH_TRANSLATED       $document_root$fastcgi_path_info;
    fastcgi_param SCRIPT_FILENAME       $document_root$fastcgi_script_name;
}

}

当我直接从浏览器访问它时,一切都很好,我添加的标题在这里:

HTTP/1.1 200 OK
Server: nginx/1.4.0
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.10-1ubuntu3.6
Set-Cookie: laravel_session=7o4v2fiu460q9p9h2hfo9lpnv6; expires=Mon, 27-May-2013 17:03:02 GMT; path=/
Cache-Control: no-cache
Date: Mon, 27 May 2013 15:03:02 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Access-Control-Allow-Methods: GET, POST, UPDATE, DELETE, OPTIONS
Access-Control-Allow-Headers: Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since
Content-Length: 0
Content-Type: text/plain charset=UTF-8
Access-Control-Allow-Headers: Authorization
Content-Encoding: gzip

但是,当我从我的应用程序(位于另一个域(angularJS应用程序))访问它时,标题不会出现!

Connection:keep-alive
Content-Type:text/html
Date:Mon, 27 May 2013 15:03:12 GMT
Server:nginx/1.4.0
Set-Cookie:laravel_session=k9bastale5kuo0afndbp261025; expires=Mon, 27-May-2013 17:03:12 GMT; path=/; HttpOnly
Transfer-Encoding:chunked
X-Powered-By:PHP/5.3.10-1ubuntu3.6

然后,我有一个错误:

OPTIONS apibackend 500 (Internal Server Error) angular.min.js:99
OPTIONS apibackend Origin angularapp is not allowed by Access-Control-Allow-Origin. angular.min.js:99
XMLHttpRequest cannot load apibackend. Origin angularapp is not allowed by Access-Control-Allow-Origin.

我一直在努力,但没有任何线索。

感谢您的帮助!

1 个答案:

答案 0 :(得分:0)

首先,Nginx 的传统 add_header 指令不适用于 4xx 响应。由于我们仍想向它们添加自定义标头,因此我们需要安装 ngx_headers_more 模块才能使用 more_set_headers 指令,该指令也适用于 4xx 响应。

虽然文档建议使用模块构建 Nginx 源代码,但如果您使用的是 Debian 发行版,您实际上可以使用 nginx-extras 包轻松安装它:

sudo apt-get install nginx-extras

以 CORS 处理为例:

more_set_headers 'Access-Control-Allow-Origin: $http_origin';
more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE, HEAD';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Headers: Origin,Content-Type,Accept,Authorization';

location / {
    if ($request_method = 'OPTIONS') {
        more_set_headers 'Access-Control-Allow-Origin: $http_origin';
        more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE, HEAD';
        more_set_headers 'Access-Control-Max-Age: 1728000';
        more_set_headers 'Access-Control-Allow-Credentials: true';
        more_set_headers 'Access-Control-Allow-Headers: Origin,Content-Type,Accept,Authorization';
        more_set_headers 'Content-Type: text/plain; charset=UTF-8';
        more_set_headers 'Content-Length: 0';
        return 204;
    }
    try_files $uri $uri/ /index.php?$query_string;
}