我一直在尝试使用nginx添加CORS http标头,但是失败了,应该在下面的nginx配置中添加什么以允许每个请求都使用CORS?
我有这个nginx.conf
:
user nginx;
worker_processes auto;
worker_rlimit_nofile 2048;
load_module modules/ngx_stream_module.so;
error_log /var/log/nginx/error_log info;
events {
worker_connections 2048;
use epoll;
}
#### REMOVE THIS SECTION IF YOU WANT TO CONFIGURE YOUR ENVIRONMENT YOURSELF #####
include /etc/nginx/nginx-jelastic.conf;
#### MAKE CHANGES HERE ONLY IF YOU REALY KNOW WHAT YOU ARE DOING #####
和这个nginx-jelastic.conf
######## HTTP SECTION PROTOTYPE ########
http {
server_tokens off ;
include /etc/nginx/mime.types;
default_type application/octet-stream;
set_real_ip_from 192.168.0.0/16;
set_real_ip_from 5.6.7.8/8;
set_real_ip_from 1.2.3.4/16;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
log_format main '$remote_addr:$http_x_remote_port - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'"$host" sn="$server_name" '
'rt=$request_time '
'ua="$upstream_addr" us="$upstream_status" '
'ut="$upstream_response_time" ul="$upstream_response_length" '
'cs=$upstream_cache_status' ;
client_header_timeout 10m;
client_body_timeout 10m;
send_timeout 10m;
client_max_body_size 50m;
connection_pool_size 256;
client_header_buffer_size 1k;
large_client_header_buffers 4 2k;
request_pool_size 4k;
# gzip on;
gzip_min_length 1100;
gzip_buffers 4 8k;
gzip_types text/plain;
output_buffers 1 32k;
postpone_output 1460;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 75 20;
ignore_invalid_headers on;
map $upstream_addr $group {
default "";
### MAPPING FOLLOWS HERE ###
### ~XXX\.XXX\.XXX\.XXX\:XX$ $GROUPNAME; ### MAPPROTO ### This is mappings prototype line, do not remove this!
~9\.8\.7\.6\:80$ common; ### MAPPROTO for common ###
}
### DEFAULT UPSTREAM FOLLOWS HERE ###
upstream default_upstream{
### server XXX.XXX.XXX.XXX; ### $GROUPNAME ### DEFUPPROTO ###
server 9.8.7.6; ### DEFUPPROTO for common ###
sticky path=/; }
### UPSTREAMS LIST FOLLOWS HERE ###
#upstream nodes{ server XXX.XXX.XXX.XXX; server 127.0.0.1:8001 backup # UPSTREAMPROTO # This is upstream prototype line, do not remove this! }
upstream common { server 9.8.7.6 ; sticky path=/; } ### UPSTREAMPROTO for common ###
#GFADMIN
server {
listen *:80;
listen [::]:80;
server_name _;
access_log /var/log/nginx/localhost.access_log main;
error_log /var/log/nginx/localhost.error_log info;
#ModSecurityEnabled on;
#ModSecurityConfig /etc/nginx/conf.d/modsecurity/modsec_includes.conf;
proxy_temp_path /var/nginx/tmp/;
proxy_connect_timeout 5s;
error_page 500 502 503 504 /50x.html;
proxy_next_upstream error timeout http_500;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Host $http_host;
proxy_set_header X-Forwarded-For $http_x_forwarded_for;
proxy_set_header X-Remote-Port $http_x_remote_port;
proxy_set_header X-URI $uri;
proxy_set_header X-ARGS $args;
proxy_set_header Refer $http_refer;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
if ($http_x_remote_port = '' ) {
set $http_x_remote_port $remote_port;
}
location = /50x.html {
root html;
}
location / {
if ($cookie_SRVGROUP ~ group|common) {
proxy_pass http://$cookie_SRVGROUP;
error_page 500 502 503 504 = @rescue;
}
if ($cookie_SRVGROUP !~ group|common) {
add_header Set-Cookie "SRVGROUP=$group; path=/";
}
proxy_pass http://default_upstream;
add_header Set-Cookie "SRVGROUP=$group; path=/";
}
location @rescue {
proxy_pass http://default_upstream;
add_header Set-Cookie "SRVGROUP=$group; path=/";
}
#USERLOCATIONS
}
# server {
# listen *:8001;
# server_name backup.local;
#
# location / {
# proxy_pass http://default_upstream;
# add_header Set-Cookie "SRVGROUP=$group; path=/";
# proxy_http_version 1.1;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Host $http_host;
# proxy_set_header X-Forwarded-For $http_x_forwarded_for;
# proxy_set_header X-URI $uri;
# proxy_set_header X-ARGS $args;
# proxy_set_header Refer $http_refer;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
# }
# }
include /etc/nginx/conf.d/*.conf;
}
######## TCP SECTION PROTOTYPE ########
我的浏览器应用始终得到:
无法加载https://api.mydomain.net:对预检请求的响应 没有通过访问控制检查:否'Access-Control-Allow-Origin' 标头出现在请求的资源上。起源 因此,不允许访问“ http://localhost:63343”。
即使我添加了此内容:
location / {
if ($cookie_SRVGROUP ~ group|common) {
proxy_pass http://$cookie_SRVGROUP;
error_page 500 502 503 504 = @rescue;
}
if ($cookie_SRVGROUP !~ group|common) {
add_header Set-Cookie "SRVGROUP=$group; path=/";
}
proxy_pass http://default_upstream;
add_header Set-Cookie "SRVGROUP=$group; path=/";
if ($request_method = "OPTIONS") {
add_header "Access-Control-Allow-Origin" "*";
add_header "Access-Control-Allow-Credentials" "true";
add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, PUT, DELETE";
#
# Custom headers and headers various browsers *should* be OK with but aren"t
#
add_header "Access-Control-Allow-Headers" "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range";
#
# Tell client that this pre-flight info is valid for 20 days
#
add_header "Access-Control-Max-Age" 1728000;
add_header "Content-Type" "text/plain; charset=utf-8";
add_header "Content-Length" 0;
return 204;
}
}
答案 0 :(得分:2)
问题是您正在回答预检请求,但是忘记了成功后在预检请求之后立即发出的主请求。因此,您只需为if
或GET
(或其他任何东西)添加另一个POST
语句,以添加相同的Access-Control-*
标头,并且主要添加Access-Control-Allow-Origin
:
if ($request_method = 'GET') {
add_header 'Access-Control-Allow-Origin' '*';
}