1. 首頁
  2. 問答
  3. 在NGINX對同一server.Cant有多種不同的網站重定向的請求使其工作(CORS)

在NGINX對同一server.Cant有多種不同的網站重定向的請求使其工作(CORS)

2017-10-17 52 views
0

我想從我的網站一個設置一些請求重定向到網站在NGINX對同一server.Cant有多種不同的網站重定向的請求使其工作(CORS)

這是我的網站nginx的配置一個

location /api { 

    add_header 'Access-Control-Allow-Origin' '*'; 
    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; 
    add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range'; 
    add_header 'Access-Control-Expose-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range'; 
    add_header 'Access-Control-Max-Age' 1728000; 
    add_header 'Content-Type' 'text/plain; charset=utf-8'; 

    return 301 http://site-B.dev\$request_uri; 

}

即時得到這個錯誤控制檯:

無法 http://site-B.dev/api/route加載:響應 預檢請求未通過訪問控制檢查:否 「訪問控制允許來源」標題存在於所請求的資源 。因此不允許訪問原產地'http://site-A.dev'。

請求示例:

Request URL:http://site-A.dev/api/route 
Request Method:GET 
Status Code:301 Moved Permanently 
Remote Address:192.168.10.10:80 
Referrer Policy:no-referrer-when-downgrade 
Response Headers 
view source 
Access-Control-Allow-Headers:DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range 
Access-Control-Allow-Methods:GET, POST, OPTIONS 
Access-Control-Allow-Origin:* 
Access-Control-Expose-Headers:DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range 
Access-Control-Max-Age:1728000 
Connection:keep-alive 
Content-Length:185 
Content-Type:text/html 
Content-Type:text/plain; charset=utf-8 
Date:Tue, 17 Oct 2017 15:46:22 GMT 
Location:http://site-B.dev/api/route 
Server:nginx/1.13.3 
Request Headers 
view source 
Accept:application/json 
Accept-Encoding:gzip, deflate 
Accept-Language:pl-PL,pl;q=0.8,en-US;q=0.6,en;q=0.4 
Access-Control-Allow-Headers:X-PINGOTHER, Content-Type, Authorization, Content-Length, X-Requested-With 
Access-Control-Allow-Methods:PUT,GET,POST,DELETE,OPTIONS 
Connection:keep-alive 
Cookie:laravel_session=eyJpdiI6IjFteWJUNmNPZVhZRGZ1cVNGdXB5Ync9PSIsInZhbHVlIjoicVdGV2Q3XC9lV09MbEd3MTRyK0dYcE94R1BJbjdid3VUZDVTMVg2ZlJPT0o5aUFjYTg5UXY0c3RGc2JRYlJMVTc4eFk5bTViMGk0UmJZZUxZK2ZCeGZBPT0iLCJtYWMiOiIxMjZjNjg4ZDIwM2ZiYjc5Y2RhYmU3MjI3NTQxMmNmMTFiYWQxYWNlYzk5MWY0ZTZhYzQ5YTkyMGM0MDMzZDJlIn0%3D 
Host:dite-A.dev 
Referer:http://site-A.dev/ 
User-Agent:Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

重定向的請求:

Request URL:http://site-B.dev/api/route 
Request Method:OPTIONS 
Status Code:200 OK 
Remote Address:192.168.10.10:80 
Referrer Policy:no-referrer-when-downgrade 
Response Headers 
view source 
Allow:GET,HEAD 
Cache-Control:no-cache, private 
Connection:keep-alive 
Content-Encoding:gzip 
Content-Type:text/html; charset=UTF-8 
Date:Tue, 17 Oct 2017 15:46:22 GMT 
Server:nginx/1.13.3 
Transfer-Encoding:chunked 
Request Headers 
view source 
Accept:*/* 
Accept-Encoding:gzip, deflate 
Accept-Language:pl-PL,pl;q=0.8,en-US;q=0.6,en;q=0.4 
Access-Control-Request-Headers:access-control-allow-headers,access-control-allow-methods 
Access-Control-Request-Method:GET 
Connection:keep-alive 
Host:site-B.dev 
Origin:http://site-A.dev 
Referer:http://site-A.dev 
User-Agent:Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

它的奇怪,因爲即時得到成功響應,但它們是空的,如果我發送請求,直接到現場-B即時得到用正確的數據正常響應。

是否有解決我的問題?這是什麼問題,爲什麼我在控制檯中有這樣的錯誤,即使我添加Acess-Control-Allow-Origin頭?

來源

2017-10-17 Jan Ciołek

回答

1

基於錯誤代碼,它看起來你沒有配置爲處理預檢要求任何設置,請求類型將OPTIONS,在你的nginx的配置中添加了類似的塊來處理OPTIONS

location/{ 
    if ($request_method = 'OPTIONS') { 
     add_header 'Access-Control-Allow-Origin' '*'; 
     add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; 
     add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range'; 
     add_header 'Access-Control-Expose-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range'; 
     add_header 'Access-Control-Max-Age' 1728000; 
     add_header 'Content-Type' 'text/plain; charset=utf-8'; 
     add_header 'Content-Length' 0; 
     return 204; 
    }

來源

2017-10-17 18:21:45 David

相關問題

 相關問題