用于启用CORS的Nginx配置

时间:2015-06-15 05:19:10

标签: nginx

我正在关注尝试拥有我的nginx的参考资料 接受CORS。 http://enable-cors.org/server_nginx.html

但无论我如何配置我的/ etc / nginx / site-enable / default如下。 它只是不起作用。我的配置有什么问题吗?

感谢。

> >

  

服务器{           listen 80 default_server;           listen [::]:80 default_server ipv6only = on; 

    root /usr/share/nginx/html;
    index index.html index.htm;

    # Make site accessible from http://localhost/
    server_name localhost;
    #add_header Access-Control-Allow-Origin *; # < this is the needed header

    location / { 
            # First attempt to serve request as file, then
            # as directory, then fall back to displaying a 404.
            #try_files $uri $uri/ =404;
            # Uncomment to enable naxsi on this location
            # include /etc/nginx/naxsi.rules

                 if ($request_method = 'OPTIONS') {
                    add_header 'Access-Control-Allow-Origin' '*';
                    #   
                    # Om nom nom cookies
                    #   
                    add_header 'Access-Control-Allow-Credentials' 'true';
                    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
                    #   
                    # Custom headers and headers various browsers *should* be OK with but aren't
                    #   
                    add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
                    #   
                    # Tell client that this pre-flight info is valid for 20 days
                    #   
                    add_header 'Access-Control-Max-Age' 1728000;
                    add_header 'Content-Type' 'text/plain charset=UTF-8';
                    add_header 'Content-Length' 0;
                    return 204;
                 }   
                 if ($request_method = 'POST') {
                    add_header 'Access-Control-Allow-Origin' '*';
                    add_header 'Access-Control-Allow-Credentials' 'true';
                    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
                    add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
                 }   
                 if ($request_method = 'GET') {
                    add_header 'Access-Control-Allow-Origin' '*';
                    add_header 'Access-Control-Allow-Credentials' 'true';
                    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
                    add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
                 }   
    }    }

1 个答案:

答案 0 :(得分:0)

只有在您的请求中发送的所有标头都在allowed-headers字段中传播时,才会触发Nginx CORS-Filter。只发送一个本节未提及的标头后,CORS-Filter将不执行任何操作。你检查了你的请求标题了吗?

此外,您的配置不适用于PUT请求。您发送了哪种类型的请求?你检查了Response-headers吗?

尝试设置ipv6only = off;

相关问题
最新问题