CORS - Chrome取消简单的GET请求

时间:2013-08-30 03:11:44

标签: nginx cors

我正在尝试设置CORS以与Node中的Socket IO一起使用。很遗憾,该请求一直被Chrome取消:

GET https://example.com/zebra/8601/socket.io/1/?key=example123&t=1377831596484 HTTP/1.1
Origin: https://example.io
Referer: https://example.io/example
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.57 Safari/537.36

如果我在新标签中打开网址,我会得到更好的回复:

HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Fri, 30 Aug 2013 03:00:12 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, PUT, POST, OPTIONS
Access-Control-Allow-Headers: Authorization,Content-Type,Accept,Origin,Referer,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since

虽然这是一个实际的跨源请求,但它只是失败了。

Nginx配置如下:

location ~ ^/zebra/(\d+)(?:/(.*))?$ {
    add_header Access-Control-Allow-Origin *;
    add_header Access-Control-Allow-Credentials true;
    add_header Access-Control-Allow-Methods "GET, PUT, POST, OPTIONS";
    add_header Access-Control-Allow-Headers "Authorization,Content-Type,Accept,Origin,Referer,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since";
}

如何配置以使其与CORS一起使用?

1 个答案:

答案 0 :(得分:1)

因此,解决方案是确保我们在Node JS端正确配置此Socket IO设置:

io.configure(function() {
  io.set('origins', '*:*');
});

..然后在Nginx端使用CORS做任何时髦的事情, at all

从Nginx配置中删除所有add_header Access-Control-Allow次出现已经成功了。