NGINX - 即使设置了Access-Control-Allow-Origin也不存在

时间:2017-11-07 13:38:01

标签: nginx

每次我尝试设置Access Control Allow Origin方法时,它总是返回;

No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://example.com' is therefore not allowed access. The response had HTTP status code 405.

它读取每个其他标头集,因为我逐个删除它们来检查这个,并且当我这样做时发生相关的错误。唯一没有阅读的是有问题的那个。

这是我的配置;

location / {
   add_header 'Access-Control-Allow-Credentials', 'true';
   add_header 'Access-Control-Allow-Origin' 'http://example.com';
   add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
   add_header 'Access-Control-Expose-Headers' 'Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With, X-CSRF-TOKEN, X-MODE';
   add_header 'Access-Control-Allow-Headers' 'X-CSRF-TOKEN';

   try_files $uri $uri/ /index.php?$query_string;
}

规格:Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-98-generic x86_64)

如果有人能看到我做错了,请分享!

此致

1 个答案:

答案 0 :(得分:0)

这是我能让它发挥作用的唯一方法;

Laravel' config/app.php

返回[

/*
 |--------------------------------------------------------------------------
 | CORS
 |--------------------------------------------------------------------------
 |
 */
'allow_credentials'      => env( 'CORS_ALLOWE_CREDENTIALS', 'true' ),
'allowed_origins'        => env( 'CORS_ALLOWED_ORIGINS', '*' ),
'allowed_headers'        => env( 'CORS_ALLOWED_HEADERS', '*' ),
'allowed_methods'        => env( 'CORS_ALLOWED_METHODS', 'GET, POST, OPTIONS' ),
'exposed_headers'        => env( 'CORS_EXPOSED_METHODS', '' ),
'max_age'                => env( 'CORS_MAX_AGE', 0 )

];

Laravel' public/index.php

/*
|--------------------------------------------------------------------------
| Run The Application
|--------------------------------------------------------------------------
|
| Once we have the application, we can handle the incoming request
| through the kernel, and send the associated response back to
| the client's browser allowing them to enjoy the creative
| and wonderful application we have prepared for them.
|
*/

$kernel = $app->make('Illuminate\Contracts\Http\Kernel');

$response = $kernel->handle(
    $request = Illuminate\Http\Request::capture()
);

header("Access-Control-Allow-Origin: " . config( 'cors.allowed_origins' ) );
header("Access-Control-Allow-Headers: " . config( 'cors.allowed_headers' ) );
header("Access-Control-Allow-Methods: " . config( 'cors.allowed_methods' ) );
header("Access-Control-Max-Age: " . config( 'cors.max_age' ) );
header("Access-Control-Allow-Credentials: " . config( 'cors.allow_credentials' ) );

$response->send();

$kernel->terminate($request, $response);