Nginx Access-Control-Allow-Origin not working

GIJ*_*JOW 5 ajax nginx

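I get this error when trying to access my API via Ajax:

No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:9090' is therefore not allowed access. The response had HTTP status code 404.

My NGINX configuration looks like this; I am also using Varnish.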

server {
    listen 127.0.0.1:8080;
    server_name api.example.cc;

    access_log /var/log/nginx/api.access.log combined;
    error_log /var/log/nginx/api.error.log;

    root /home/spark/api.example.cc/web;
    #index index.php;
    try_files $uri /index.php;

    set $cache_uri $request_uri;
    location / {
            add_header 'Access-Control-Allow-Origin' 'http://localhost:9090';
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
    }
}

Result of curl -X OPTIONS -i http://api.example.cc:

HTTP/1.1 204 No Content
Server: nginx/1.8.0
Date: Wed, 30 Dec 2015 20:14:27 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
Access-Control-Max-Age: 1728000
Content-Type: text/plain charset=UTF-8
Content-Length: 0
X-Varnish: 65550
Age: 0
Via: 1.1 varnish-v4
Connection: keep-alive

Result of curl -X GET/POST -i http://api.example.cc:

HTTP/1.1 403 Forbidden
Server: nginx/1.8.0
Date: Wed, 30 Dec 2015 20:23:17 GMT
Content-Type: text/html
Content-Length: 168
X-Varnish: 32823
Age: 0
Via: 1.1 varnish-v4
Connection: keep-alive

<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.8.0</center>
</body>
</html>

小智 6

Putting the configuration

    add_header 'Access-Control-Allow-Origin' 'http://localhost:9090';
    add_header 'Access-Control-Allow-Credentials' 'true';
    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
    add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';

before "location / {...}" helped me.


GIJ*_*JOW 1

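If you get a 404 error after setting up the CORS configuration, or cannot get past the CORS security policy to access your API via Ajax, you can try the following nginx configuration: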

server {
    listen 127.0.0.1:8080;
    server_name api.example.cc;

    access_log /var/log/nginx/api.access.log combined;
    error_log /var/log/nginx/api.error.log;

    root /home/sites/api.cc/web;
    #index index.php;
    try_files $uri /index.php;

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;

        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini

        # With php5-fpm:
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

        if ($request_method = 'OPTIONS') {
            more_set_headers 'Access-Control-Allow-Origin *' ;
            #
            # Om nom nom cookies
            #
            more_set_headers 'Access-Control-Allow-Credentials true';
            more_set_headers 'Access-Control-Allow-Methods GET, POST, OPTIONS';
            #
            # Custom headers and headers various browsers *should* be OK with but aren't
            #
            more_set_headers 'Access-Control-Allow-Headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
            # Tell client that this pre-flight info is valid for 20 days
            #
            more_set_headers 'Access-Control-Max-Age' 1728000;
            more_set_headers 'Content-Type' 'text/plain charset=UTF-8';
            more_set_headers 'Content-Length' 0;
            return 204;
        }
        if ($request_method = 'POST') {
            more_set_headers 'Access-Control-Allow-Origin *' ;
            more_set_headers 'Access-Control-Allow-Credentials true';
            more_set_headers 'Access-Control-Allow-Headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
            more_set_headers 'Access-Control-Allow-Methods GET, POST, OPTIONS';
        }
        if ($request_method = 'GET') {
            more_set_headers 'Access-Control-Allow-Origin *' ;
            more_set_headers 'Access-Control-Allow-Credentials true';
            more_set_headers 'Access-Control-Allow-Headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
            more_set_headers 'Access-Control-Allow-Methods GET, POST, OPTIONS';
        }
    }
}

Install more_set_headers in your nginx using apt-get install nginx-extras

Hope this helps.
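
Added example (not part of the original question or answers): a configuration that uses only stock `add_header`, echoes the `Origin` back from an allowlist instead of sending `*` alongside credentials, and marks the headers `always` so that nginx-generated 403/404 responses carry them too. The paths, socket and the single allowlisted origin are taken from the posts above; the shortened `Access-Control-Allow-Headers` list is an assumption to adapt.

```nginx
# Added example. http{} context: $cors_origin is the request's Origin when it
# is on the allowlist, otherwise empty (nginx omits a header with empty value).
map $http_origin $cors_origin {
    default                  "";
    "http://localhost:9090"  $http_origin;
}

server {
    listen 127.0.0.1:8080;
    server_name api.example.cc;
    root /home/spark/api.example.cc/web;

    location / {
        try_files $uri /index.php$is_args$args;
    }

    location ~ \.php$ {
        # Preflight is answered here. add_header directives are not inherited
        # by a block that declares its own, so the full set is repeated.
        if ($request_method = OPTIONS) {
            add_header Access-Control-Allow-Origin      $cors_origin always;
            add_header Access-Control-Allow-Credentials true always;
            add_header Access-Control-Allow-Methods     "GET, POST, OPTIONS" always;
            add_header Access-Control-Allow-Headers     "Content-Type, Authorization, X-Requested-With" always;
            add_header Access-Control-Max-Age           1728000 always;
            add_header Vary                             Origin always;
            return 204;
        }

        # Weak setting, shown for contrast: browsers refuse a credentialed
        # response whose Allow-Origin is the wildcard.
        #   more_set_headers 'Access-Control-Allow-Origin *';

        # Without "always", add_header is skipped on 4xx/5xx responses, which
        # is why an error response shows no CORS headers in the browser.
        add_header Access-Control-Allow-Origin      $cors_origin always;
        add_header Access-Control-Allow-Credentials true always;
        # The response differs per Origin; tell Varnish to cache it that way.
        add_header Vary                             Origin always;

        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
    }
}
```

The `always` parameter requires nginx 1.7.5 or later, which covers the 1.8.0 shown in the curl output above.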