1. 首頁
  2. 問答
  3. Nginx的訪問控制允許來源不工作

Nginx的訪問控制允許來源不工作

2015-12-30 39 views
1

試圖通過Ajax訪問我的API和我得到這個錯誤:Nginx的訪問控制允許來源不工作

No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin ' http://localhost:9090 ' is therefore not allowed access. The response had HTTP status code 404.

我NGINX配置是這樣的,我用光油了。

server { 
    listen 127.0.0.1:8080; 
    server_name api.example.cc; 

    access_log /var/log/nginx/api.access.log combined; 
    error_log /var/log/nginx/api.error.log; 

    root /home/spark/api.example.cc/web; 
    #index index.php; 
    try_files $uri /index.php; 

    set $cache_uri $request_uri; 
    location/{ 
      add_header 'Access-Control-Allow-Origin' 'http://localhost:9090'; 
      add_header 'Access-Control-Allow-Credentials' 'true'; 
      add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; 
      add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization'; 
    } 
}

捲曲-X選項-i http://api.example.cc結果:

HTTP/1.1 204 No Content 
Server: nginx/1.8.0 
Date: Wed, 30 Dec 2015 20:14:27 GMT 
Access-Control-Allow-Origin: * 
Access-Control-Allow-Credentials: true 
Access-Control-Allow-Methods: GET, POST, OPTIONS 
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization 
Access-Control-Max-Age: 1728000 
Content-Type: text/plain charset=UTF-8 
Content-Length: 0 
X-Varnish: 65550 
Age: 0 
Via: 1.1 varnish-v4 
Connection: keep-alive

捲曲-X GET/POST -i http://api.example.cc結果:

HTTP/1.1 403 Forbidden 
Server: nginx/1.8.0 
Date: Wed, 30 Dec 2015 20:23:17 GMT 
Content-Type: text/html 
Content-Length: 168 
X-Varnish: 32823 
Age: 0 
Via: 1.1 varnish-v4 
Connection: keep-alive 

<html> 
<head><title>403 Forbidden</title></head> 
<body bgcolor="white"> 
<center><h1>403 Forbidden</h1></center> 
<hr><center>nginx/1.8.0</center> 
</body> 
</html>

來源

2015-12-30 GIJOW

+0

你看到'curl -X OPTIONS -i http://127.0.0.1:8080'和GET/POST – kwarunek

+0

剛更新了信息的問題。謝謝 – GIJOW

+0

你是否分別用curl調用GET和POST?你應該得到403.是否阿賈克斯req使用相同的來源(域)? – kwarunek

回答

0

如果在404錯誤後做事運行cors配置或無法繞過cors安全策略通過ajax訪問您的api,您可以嘗試使用此nginx配置:

server { 
    listen 127.0.0.1:8080; 
    server_name api.example.cc; 

    access_log /var/log/nginx/api.access.log combined; 
    error_log /var/log/nginx/api.error.log; 

    root /home/sites/api.cc/web; 
    #index index.php; 
    try_files $uri /index.php; 

    location ~ \.php$ { 
        try_files $uri =404; 
        fastcgi_split_path_info ^(.+\.php)(/.+)$; 

        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini 

        # With php5-fpm: 
        fastcgi_pass unix:/var/run/php5-fpm.sock; 
        fastcgi_index index.php; 
        include fastcgi_params; 
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 

       if ($request_method = 'OPTIONS') { 
        more_set_headers 'Access-Control-Allow-Origin *' ; 
        # 
        # Om nom nom cookies 
        # 
        more_set_headers 'Access-Control-Allow-Credentials true'; 
        more_set_headers 'Access-Control-Allow-Methods GET, POST, OPTIONS'; 
        # 
        # Custom headers and headers various browsers *should* be OK with but aren't 
        # 
        more_set_headers 'Access-Control-Allow-Headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization'; 
        # Tell client that this pre-flight info is valid for 20 days 
        # 
        more_set_headers 'Access-Control-Max-Age' 1728000; 
        more_set_headers 'Content-Type' 'text/plain charset=UTF-8'; 
        more_set_headers 'Content-Length' 0; 
        return 204; 
      } 
      if ($request_method = 'POST') { 
        more_set_headers 'Access-Control-Allow-Origin *' ; 
        more_set_headers 'Access-Control-Allow-Credentials true'; 
        more_set_headers 'Access-Control-Allow-Headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization'; 
        more_set_headers 'Access-Control-Allow-Methods GET, POST, OPTIONS'; 
      } 
      if ($request_method = 'GET') { 
        more_set_headers 'Access-Control-Allow-Origin *' ; 
        more_set_headers 'Access-Control-Allow-Credentials true'; 
        more_set_headers 'Access-Control-Allow-Headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization'; 
        more_set_headers 'Access-Control-Allow-Methods GET, POST, OPTIONS'; 
      } 
    }

}

安裝more_set_headers在您使用nginx apt-get install nginx-extras

希望它之前幫助

來源

2015-12-30 22:34:47 GIJOW

0

配置

add_header 'Access-Control-Allow-Origin' 'http://localhost:9090'; 
      add_header 'Access-Control-Allow-Credentials' 'true'; 
      add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; 
      add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';

「位置/ {...}」 幫助我

來源

2017-08-28 13:43:10

相關問題

 相關問題