我正在尝试将CORS指令添加到我的nginx文件中,作为简单的静态HTML站点.(摘自http://enable-cors.org/server_nginx.html)
是否有理由抱怨第一个add_header指令说'add_header'指令不允许在这里'
我的配置文件示例
server {
if ($http_origin ~* (https?://[^/]*\.domain\.com(:[0-9]+)?)$) {
set $cors "true";
}
if ($request_method = 'OPTIONS') {
set $cors "${cors}options";
}
if ($request_method = 'GET') {
set $cors "${cors}get";
}
if ($request_method = 'POST') {
set $cors "${cors}post";
}
if ($cors = "trueget") {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Credentials' 'true';
}
if ($cors = "truepost") {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Credentials' 'true';
}
if ($cors = "trueoptions") {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since';
add_header 'Content-Length' 0;
add_header 'Content-Type' 'text/plain charset=UTF-8';
return 204;
}
listen 8080;
location / {
root /var/www/vhosts/mysite;
}
}
Tan*_*Tat 23
add_header已被放置在任一http,server,location或if in location块.
你放在下面if in server.将它们移到location块下面.
server {
listen 8080;
location / {
root /var/www/vhosts/mysite;
if ($http_origin ~* (https?://[^/]*\.domain\.com(:[0-9]+)?)$) {
set $cors "true";
}
if ($request_method = 'OPTIONS') {
set $cors "${cors}options";
}
if ($request_method = 'GET') {
set $cors "${cors}get";
}
if ($request_method = 'POST') {
set $cors "${cors}post";
}
if ($cors = "trueget") {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Credentials' 'true';
}
if ($cors = "truepost") {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Credentials' 'true';
}
if ($cors = "trueoptions") {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since';
add_header 'Content-Length' 0;
add_header 'Content-Type' 'text/plain charset=UTF-8';
return 204;
}
}
}
来源:http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header
Hsi*_*iao 14
if in location一些技巧可以绕过规则,因此您不必在每个location块中编写/包含CORS规则.
server {
set $cors_origin "";
set $cors_cred "";
set $cors_header "";
set $cors_method "";
if ($http_origin ~* "^http.*\.yourhost\.com$") {
set $cors_origin $http_origin;
set $cors_cred true;
set $cors_header $http_access_control_request_headers;
set $cors_method $http_access_control_request_method;
}
add_header Access-Control-Allow-Origin $cors_origin;
add_header Access-Control-Allow-Credentials $cors_cred;
add_header Access-Control-Allow-Headers $cors_header;
add_header Access-Control-Allow-Methods $cors_method;
}
这是有效的,因为如果nginx的值为空字符串,则不会返回标头.
首先,让我说,在网上浏览后,我发现这个答案随处可见:
location ~* \.(eot|ttf|woff|woff2)$ {
add_header Access-Control-Allow-Origin *;
}
但是,我决定用一个单独的答案回答这个问题,因为在花了大约十多个小时寻找解决方案之后,我才设法使这个特定的解决方案生效。
默认情况下,Nginx似乎没有定义任何[正确]字体MIME类型。通过遵循这个葬礼,我发现可以添加以下内容:
application/x-font-ttf ttc ttf;
application/x-font-otf otf;
application/font-woff woff;
application/font-woff2 woff2;
application/vnd.ms-fontobject eot;
到我的etc/nginx/mime.types档案。
如前所述,以上解决方案就可以了。显然,此答案旨在共享字体,但是绝对值得检查一下是否也为您也正在苦苦挣扎的任何其他资源定义了MIME类型(正确)。
| 归档时间: |
|
| 查看次数: |
23852 次 |
| 最近记录: |