我得到一个
XMLHttpRequest cannot load http://website2.com/ads/dev_642e92efb79421734881b53e1e1b18b6/5534f8e14d514_1.html. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://website1.com' is therefore not allowed access.
Website2 是使用 nginx 配置的:
server {
listen 80;
server_name website2.com;
root /var/www/website2;
index index.php index.html index.htm;
#try_files $uri $uri/ /index.php?$args;
client_max_body_size 20M;
location /ads {
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
try_files $uri $uri/ /index.php?$args;
}
location / {
try_files $uri $uri/ /index.php?$args;
# proxy_pass http://127.0.0.1:2368/;
# proxy_set_header Host $host;
# proxy_buffering off;
}
gzip on;
gzip_vary on;
gzip_types text/javascript text/css text/xml application/xml application/xml+rss;
gzip_comp_level 9;
gzip_min_length 100;
gzip_buffers 16 8k;
gzip_proxied expired no-cache no-store private auth;
gzip_http_version 1.0;
gzip_disable "MSIE [1-6]\.";
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires 24h;
log_not_found off;
}
location ~ \.php$ {
try_files $uri =404;
# Fix for server variables that behave differently under nginx/php-fpm than typically expected
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# Include the standard fastcgi_params file included with nginx
include fastcgi_params;
fastcgi_param HTTPS $https;
fastcgi_pass_header X_SECURECONNECTION;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_index index.php;
# Override the SCRIPT_FILENAME variable set by fastcgi_params
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# Pass to upstream PHP-FPM; This must match whatever you name your upstream connection
fastcgi_pass 127.0.0.1:9000;
}
#preventing access to git
location ~ /\.(?:git).* {
deny all;
access_log off;
log_not_found off;
}
#preventing access to .htaccess or htpasswd
location ~ /\.ht.* {
deny all;
access_log off;
log_not_found off;
}
server_tokens off;
if ($request_method !~ ^(GET|HEAD|POST)$ ) {
return 444;
}
location /images/ {
valid_referers none blocked example.com *.example.com;
if ($invalid_referer) {
return 403;
}
}
请求此网页的方式是: 1) 访问网站 1 的 PHP 文件。2)PHP文件死了一个html网页,其中包括website2中的javascript文件。3)Javascript使用ajax获取website2中不允许访问的html,它使用GET方法。
进程结束后,服务器地址仍然是 website1。
我也尝试将它添加到“位置/”。
有任何想法吗?
更新:
遵循此之后:http : //www.html5rocks.com/en/tutorials/cors/
鉴于 add_header 'Access-Control-Allow-Origin' 已添加到服务器上下文,而不是位置上下文,该错误未显示。
但是,它经常不起作用。三分之一或更少的请求仍然返回相同的错误:
XMLHttpRequest cannot load http://website2.com/ads/dev_642e92efb79421734881b53e1e1b18b6/5534f8e14d514_1.html. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://website1.com' is therefore not allowed access.
curl -I 显示:
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 22 Apr 2015 10:30:55 GMT
Content-Type: text/html
Content-Length: 402
Last-Modified: Tue, 21 Apr 2015 09:13:44 GMT
Connection: keep-alive
Vary: Accept-Encoding
ETag: "553614c8-192"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
这个块的:
location /ads {
proxy_set_header 'Access-Control-Max-Age' 1728000;
proxy_set_header 'Access-Control-Allow-Origin' '*';
proxy_set_header 'Access-Control-Allow-Credentials' 'true';
proxy_set_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
proxy_set_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
try_files $uri $uri/ /index.php?$args;
}
唯一能做任何事情的指令是 try_files - 因为没有发出代理请求。proxy_pass_header才有意义,如果proxy_pass也使用; 但它会将标头发送到代理服务器,而不是客户端,因此与 CORS 无关。
您正在寻找的指令是add_header - 一个有效的例子是:
location /ads {
add_header "Access-Control-Allow-Origin" "*";
...
try_files $uri $uri/ /index.php?$args;
}
这会将标头添加到发送回客户端(浏览器)的响应中。
| 归档时间: |
|
| 查看次数: |
37950 次 |
| 最近记录: |