无法在nginx上禁用相同的源策略

时间:2014-01-10 07:12:25

标签: ajax nginx same-origin-policy

我需要在服务器上禁用相同的源策略。作为背景:我已经通过禁用web安全标志启动chrome来验证一切正常。一切都按预期工作。

这是我在nginx方面所做的:

upstream phpfcgi {
  server unix:/var/run/php5-fpm.sock; #for PHP-FPM running on UNIX socket
}

server {
listen 80;

root /var/www/yammi2;
    index index.html index.php index.htm;
server_name myserver.ch;

add_header Access-Control-Allow-Origin *;
    add_header Access-Control-Allow-Credentials 'true';
    add_header Access-Control-Allow-Headers 'Content-Type,accept,x-wsse,origin';
    add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS, PUT, DELETE';

# strip app.php/ prefix if it is present
    rewrite ^/app\.php/?(.*)$ /$1 permanent;

location / {
    index app.php;
    try_files $uri @rewriteapp;
}

location @rewriteapp {
    rewrite ^(.*)$ /app.php/$1 last;
}

# pass the PHP scripts to FastCGI server from upstream phpfcgi
location ~ ^/(app|app_dev|config)\.php(/|$) {
    fastcgi_pass phpfcgi;
    fastcgi_split_path_info ^(.+\.php)(/.*)$;
    include fastcgi_params;
    fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param  HTTPS off;

}

}

然后当我做curl call:curl -I myserver.ch时,我得到以下结果:

HTTP/1.1 302 Found
Server: nginx/1.1.19
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.3.10-1ubuntu3.9
Set-Cookie: PHPSESSID=gvcl3v533ib91l2c6v888gl9d3; path=/
cache-control: no-cache
date: Fri, 10 Jan 2014 07:01:18 GMT
location: http://myserver.ch/admin/restaurant
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type,accept,x-wsse,origin
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE

所以至少似乎标题设置正确,但是当我进行ajax调用时的结果:

OPTIONS http://myserver.ch/api/v1/restaurant/closest?max=50&lat=47&lon=8 500 (Internal Server Error) jquery-2.0.3.js:7845
OPTIONS http://myserver.ch/api/v1/restaurant/closest?max=50&lat=47&lon=8 Origin http://localhost is not allowed by Access-Control-Allow-Origin. jquery-2.0.3.js:7845
XMLHttpRequest cannot load http://myserver.ch/api/v1/restaurant/closest?max=50&lat=47&lon=8. Origin http://localhost is not allowed by Access-Control-Allow-Origin. overview.html:1

我对“内部服务器错误”感到有些困惑,但我认为因为它适用于标志,所以这必须与相同的来源有关。

服务器应用程序是一个交响乐应用程序。我希望我没有错过任何东西。知道如何解决这个问题吗?甚至如何调试它?

也许最后一个剪辑,这是我如何拨打电话(再次,不应该是问题,因为禁用安全标志它按预期工作):

$.ajax({
          url: url,
          headers: {"x-wsse": getWsseHeader()},
          beforeSend: function (request) {
                request.setRequestHeader("x-wsse", getWsseHeader());
          },
          success: function() {

          },
          error: function(error) {
            console.log(error.statusText);
          }
        });

1 个答案:

答案 0 :(得分:0)

更改此行

add_header Access-Control-Allow-Origin *;


add_header 'Access-Control-Allow-Origin' '';
相关问题
最新问题