Access-Control-Allow headers being removed

Time: 2016-07-20 11:01:31

Tags: iis nginx cors

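The issue we are having is that some clients are filtering/removing the Access-Control-Allow response headers from our NGINX Flask API, but are passing through the headers from an IIS API.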

Example HTTP request

GET /reports?token=abcde HTTP/1.1
Host: domain.net
Connection: keep-alive
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://origin.domain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
Referer: http://origin.domain.net/hello_some_world.html
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8

Example IIS response

HTTP/1.1 200
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 66
Content-Type: application/json
Expires: Wed, 20 Jul 2016 09:57:04 GMT
Server: Microsoft-IIS/8.5
Set-Cookie: ASPSESSIONIDAURATAST=HJAPKCIDFOKJIHNCJMOCKLMO; secure; path=/
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With, Cache-Control, Accept, Origin, X-Session-ID
Date: Wed, 20 Jul 2016 09:58:03 GMT

Example NGINX Flask response (unfiltered response)

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 20 Jul 2016 10:40:57 GMT
Content-Type: application/json
Content-Length: 861
Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With, Cache-Control, Accept, Origin, X-Session-ID
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Pragma: no-cache
Expires: Wed, 20 Jul 2016 10:39:57 GMT
Connection: keep-alive

NGINX configuration

server {
    listen 80;
    server_name domain.net;
    # Handle all locations

    location / {
        # Pass the request to Gunicorn
        proxy_pass http://127.0.0.1:8199;
        # Set some HTTP headers so that our app knows where the
        # request really came from
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #Set unlimited upload limit
        client_max_body_size 0;
        #Remove server details from header
        server_tokens off;
    }
}

We have tried setting the origin domain vs. a wildcard for Access-Control-Allow-Origin, but it does not seem to make any difference.

Other headers we have tried include Access-Control-Allow-Methods: GET, POST, OPTIONS

Any insight into why this might be happening would be greatly appreciated.

0 answers:

No answers
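To compare a capture taken at the server with the headers an affected client reports, the following added example (not part of the original question) parses two raw response heads and lists which headers were stripped, added or changed in transit. `SENT` is the NGINX Flask response from the question; `RECEIVED` is a constructed sample, and the function names are illustrative.

```python
def parse_head(raw):
    """Return {lowercased header name: [values]} from a raw HTTP response head."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:   # skip the status line
        if not line.strip():
            break                               # a blank line ends the head
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def diff_heads(sent_raw, received_raw):
    """Compare what the server sent with what the client saw."""
    sent, received = parse_head(sent_raw), parse_head(received_raw)
    return {
        "stripped": sorted(n for n in sent if n not in received),
        "added": sorted(n for n in received if n not in sent),
        "changed": sorted(n for n in sent if n in received and sent[n] != received[n]),
    }


# As sent by the NGINX Flask API (copied from the question above).
SENT = """\
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 20 Jul 2016 10:40:57 GMT
Content-Type: application/json
Content-Length: 861
Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With, Cache-Control, Accept, Origin, X-Session-ID
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Pragma: no-cache
Expires: Wed, 20 Jul 2016 10:39:57 GMT
Connection: keep-alive
"""

# CONSTRUCTED client-side view: SENT with its Access-Control-* lines dropped.
RECEIVED = "\n".join(line for line in SENT.splitlines()
                     if not line.lower().startswith("access-control-"))

if __name__ == "__main__":
    for kind, names in diff_heads(SENT, RECEIVED).items():
        print(f"{kind}: {', '.join(names) or '-'}")
```

Header names are compared case-insensitively, so a difference in capitalisation alone is not reported as a stripped header.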