Enabling HTTPS on Yii 1 and Nginx

Time: 2019-02-18 15:13:56

Tags: php nginx yii cors koa

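I have an application that is already deployed on a Digital Ocean Droplet, so the application is already usable, but it is using HTTP instead of HTTPS. So what I did was first buy a certificate for my web application, enable SSL and test it (the API was still on HTTP). After logging in, everything still worked, although some features did not work properly because the requests were made from an HTTPS site while the data source was served over HTTP. So I bought a certificate and registered my API for HTTPS (my API runs on Yii 1, not 2). After successfully enabling SSL for my API and logging in, suddenly nothing works. I don't think this is a problem with the web application, because it was still able to log in while the API was on HTTP. I tried configuring Nginx to enable CORS.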

server {
  listen 443;
  server_name api.test.com;
  root /var/apps/myapp/current/workspace/api;
  ssl on;
  ssl_certificate /etc/ssl/www.test.chained.crt;
  ssl_certificate_key /etc/ssl/www.test.key;
  ssl_client_certificate /etc/ssl/www.client.test.chained.crt;
  client_max_body_size 10M;

  # deny protected folder
  location ~ ^/protected/ {
    deny  all;
  }
  # deny .htaccess
  location ~ /\.ht {
    deny all;
  }
  location / {
    #if (-f $document_root/maintenance.html) {
    #  return 503;
    #}

    index index.php;
    try_files $uri $uri/ /index.php$is_args$args;

#    if ($request_method = 'OPTIONS') {

 #       add_header 'Access-Control-Allow-Origin' '*' always;

        #
        # Om nom nom cookies
        #

  #      add_header 'Access-Control-Allow-Credentials' 'true';
   #     add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';

        #
        # Custom headers and headers various browsers *should* be OK with but aren't
        #

    #    add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';

        #
        # Tell client that this pre-flight info is valid for 20 days
        #

#        add_header 'Access-Control-Max-Age' 1728000;
#        add_header 'Content-Type' 'text/plain charset=UTF-8';
#        add_header 'Content-Length' 0;

#        return 204;
#     }

#    if ($request_method = 'POST') {

 #       add_header 'Access-Control-Allow-Origin' '*' always;
 #       add_header 'Access-Control-Allow-Credentials' 'true';
 #       add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
#        add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';

#     }

#     if ($request_method = 'GET') {

#        add_header 'Access-Control-Allow-Origin' '*' always;
#        add_header 'Access-Control-Allow-Credentials' 'true';
#        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
#        add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';

 #    }
  }
  location ~ \.php$ {
    root /var/apps/myapp/current/workspace/api;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_param FF_BOOTSTRAP_ENVIRONMENT production;
    fastcgi_param FF_BOOTSTRAP_CONFIG api/production;
  }
}

server {
  listen 80;
  listen [::]:80;
  server_name api.test.com;

  return 301 https://$host$request_uri;
}

I found that the reason my API stopped working is that $request no longer works.

header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: PUT, GET, POST, OPTIONS");
header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept");
$request = \Yii::app()->request;

$authMode = $request->getJSON('xAuthMode');
var_dump($authMode);

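The result of var_dump is now NULL. I don't understand why enabling SSL would cause this. I was able to enable CORS from the web application by adding the following snippet to the back end: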

import Koa from 'koa'
import cors from '@koa/cors'
const app = new Koa()
app.use(cors())

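I was able to get around the CORS problem, but sadly the payload has disappeared on the API. Has anyone run into this problem when using SSL on Yii before? Is there also something wrong with my NGINX configuration? I don't know where to start.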

Edit:

Here is my urlManager

<?php

namespace api\app;

/**
 *
 */
class UrlManager extends \CUrlManager
{
  /**
   *
   * @return UrlManager
   */
  public static function instance()
  {
    return \Yii::app()->getUrlManager();
  }

  /**
   * Convert dashes in urls to camelCase so they can be mapped to
   * controllers/actions.
   */
  public function parseUrl($request)
  {
    $route = parent::parseUrl($request);
    if (strpos($route, '-') === false) {
      return $route;
    }

    if (substr_count($route, '/') > 2) { // There are query string variables
      // Cut from the third "/"
      $offset = 0;
      $pos    = 0;
      for ($i = 0; $i < 3; $i++) {
        $pos = strpos($route, '/', $offset);
        echo 'pos = ' . $pos . PHP_EOL;
        $offset += strpos($route, '/', $offset) + 1;
        echo 'offset = ' . $offset . PHP_EOL;
      }

      $postfix = substr($route, $pos);
      $route   = substr($route, 0, $pos);
    }

    $route = lcfirst(str_replace(' ', '', ucwords(str_replace('-', ' ', $route))));
    if (isset($postfix)) {
      $route .= $postfix;
    }

    return $route;
  }
}

0 answers:

No answers
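
Added example, not part of the original question and not the asker's code: a model of the CORS check a browser applies to a response (Fetch standard), run against header combinations that appear in the question: the wildcard origin paired with `Access-Control-Allow-Credentials: true` from the commented-out nginx blocks, and the same header emitted twice, as happens if both nginx `add_header` and PHP `header()` send it. The origin `https://www.test.com` and the function names are assumptions made for illustration.

```javascript
// Added example (not from the original question). Models the CORS check a
// browser applies to a cross-origin response, per the Fetch standard.

// Fetch "get": values of same-named headers are joined with ", ".
function getHeader(headerList, name) {
  const values = headerList
    .filter(([n]) => n.toLowerCase() === name.toLowerCase())
    .map(([, v]) => v);
  return values.length ? values.join(', ') : null;
}

// requestOrigin: serialized origin of the calling page.
// withCredentials: true when the request carries cookies or HTTP auth.
function corsCheck(requestOrigin, withCredentials, headerList) {
  const allowOrigin = getHeader(headerList, 'Access-Control-Allow-Origin');
  if (allowOrigin === null) return verdict(false, 'no Access-Control-Allow-Origin');
  if (!withCredentials && allowOrigin === '*') return verdict(true, 'wildcard, no credentials');
  if (allowOrigin !== requestOrigin) {
    if (allowOrigin.includes(',')) return verdict(false, 'multiple Access-Control-Allow-Origin values');
    if (allowOrigin === '*') return verdict(false, 'wildcard not allowed with credentials');
    return verdict(false, 'origin mismatch');
  }
  if (!withCredentials) return verdict(true, 'origin matched');
  const allowCreds = getHeader(headerList, 'Access-Control-Allow-Credentials');
  return allowCreds === 'true'
    ? verdict(true, 'origin matched, credentials allowed')
    : verdict(false, 'Access-Control-Allow-Credentials is not "true"');
}

function verdict(allowed, reason) { return { allowed, reason }; }

// Constructed inputs; appOrigin is an assumed origin for the web application.
const appOrigin = 'https://www.test.com';
const wildcardWithCreds = [
  ['Access-Control-Allow-Origin', '*'],
  ['Access-Control-Allow-Credentials', 'true'],
];
const sentTwice = [
  ['Access-Control-Allow-Origin', '*'],
  ['Access-Control-Allow-Origin', '*'],
];
const explicitOrigin = [
  ['Access-Control-Allow-Origin', appOrigin],
  ['Access-Control-Allow-Credentials', 'true'],
];

console.log(corsCheck(appOrigin, true, wildcardWithCreds).reason);
console.log(corsCheck(appOrigin, false, sentTwice).reason);
console.log(corsCheck(appOrigin, true, explicitOrigin).reason);
```

Only the explicit-origin response passes for a credentialed request; emitting that origin from a server-side allowlist rather than reflecting any `Origin` value keeps the policy restrictive.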