2015-06-10 108 views

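XHR2 file upload to a subdomain with Laravel 5.1 / nginx upload module: token mismatch

I am using Laravel 5.1 for domain.com and upload.domain.com, with the same script (copy-pasted, with the site URL changed in the config file).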

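The session domain is set to .domain.com, and on upload.domain.com I have added all the CORS headers for upload.domain.com. AJAX posts work fine, and sessions use the database.

I have the following nginx configuration: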

location /upload { 

add_header Access-Control-Expose-Headers Accept-Ranges; 
add_header Access-Control-Expose-Headers Content-Encoding; 
add_header Access-Control-Expose-Headers Content-Length; 
add_header Access-Control-Expose-Headers Content-Range; 
add_header accept_ranges bytes; 

upload_state_store /tmp; 
upload_resumable on; 
add_header Pragma no-cache; 
add_header X-Content-Type-Options nosniff; 
#add_header Cache-control "no-story, no-cache, must-revalidate"; 

# Access control for CORS 
{ ....} 

add_header X-CSRF-Token $HTTP_X_CSRF_TOKEN; 
add_header X-XSRF-TOKEN $HTTP_X_CSRF_TOKEN; 
upload_set_form_field "_token" $HTTP_X_CSRF_TOKEN; 

client_max_body_size 4096m; 
upload_pass /internal_upload; 
upload_pass_args on; 

upload_store /storage/uploaded 1; 
upload_store_access user:r group:r all:r; 
upload_set_form_field $upload_field_name.name "$upload_file_name"; 
upload_set_form_field $upload_field_name.path "$upload_tmp_path"; 
upload_cleanup 400 404 499 500-505; 


} 

location /internal_upload {

proxy_pass http://upload.domain.com/fileupload/; 
proxy_redirect off; 
proxy_set_header Host $host; 
proxy_set_header X-Real-IP $remote_addr; 
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 

}

When making the XHR2 request, I pass the token via headers:

xhr.setRequestHeader("X-CSRF-Token", globalObj._token); 
xhr.setRequestHeader("X-XSRF-TOKEN", globalObj._token); 

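Finally, when nginx passes the data to the backend application on the subdomain, the problem is that a token mismatch exception is thrown.

I also noticed that domain.com sets a cookie named X-XSRF-TOKEN with domain.com as the domain, and upload.domain.com sets another X-XSRF-TOKEN token with the domain upload.domain.com. Is this normal, given that both applications set X-XSRF-TOKEN and the values are not equal? I think this may be the problem, or maybe nginx strips some data before passing it to the backend?

Answers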


For future reference, I had to send the cookie set on the main domain along with the XHR2 request. This is done by changing the xhr settings to:

xhr.withCredentials = true;
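
The behaviour described in the answer above, as an added model that is not part of the original post and not Laravel or browser source: without `withCredentials` the cross-origin XHR carries no session cookie, so the backend compares the header token against a freshly created session's token. The cookie name `session_id`, the `Backend` class and all helper names are hypothetical, and origins are simplified to host names.

```javascript
// Added model, not Laravel or browser source; every name below is hypothetical.
const rng = globalThis.crypto ?? require("node:crypto").webcrypto;
const randomHex = (n) =>
  Array.from(rng.getRandomValues(new Uint8Array(n)), (b) => b.toString(16).padStart(2, "0")).join("");

// RFC 6265 domain-match: Domain=.domain.com covers domain.com and its
// subdomains; a host-only cookie is returned to its exact host only.
function domainMatches(host, cookie) {
  const d = cookie.domain.replace(/^\./, "").toLowerCase();
  return host === d || (!cookie.hostOnly && host.endsWith("." + d));
}

// Browser side: a cross-origin XHR carries cookies only with withCredentials.
function cookiesForRequest(jar, pageHost, targetHost, withCredentials) {
  if (pageHost !== targetHost && !withCredentials) return {};
  const sent = {};
  for (const c of jar) if (domainMatches(targetHost, c)) sent[c.name] = c.value;
  return sent;
}

// Constant-time comparison so the check does not leak the matching prefix length.
function safeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Server side: simplified session-bound CSRF check over a shared session store.
class Backend {
  constructor() { this.sessions = new Map(); }
  startSession() {
    const s = { id: randomHex(16), token: randomHex(20) };
    this.sessions.set(s.id, s.token);
    return s;
  }
  verify(cookies, headerToken) {
    // No known session cookie: a fresh session with a fresh token is created,
    // so the token taken from the page can never match.
    const expected = this.sessions.get(cookies.session_id) ?? this.startSession().token;
    return safeEqual(expected, String(headerToken));
  }
}

// Constructed scenario: a page on domain.com posts to upload.domain.com.
function simulateUpload(withCredentials, hostOnly = false) {
  const backend = new Backend();
  const s = backend.startSession(); // issued while browsing domain.com
  const jar = [{ name: "session_id", value: s.id, domain: ".domain.com", hostOnly }];
  const cookies = cookiesForRequest(jar, "domain.com", "upload.domain.com", withCredentials);
  return backend.verify(cookies, s.token); // s.token travels in X-CSRF-Token
}
```

For a credentialed cross-origin request the browser also requires the response to carry `Access-Control-Allow-Credentials: true` and a specific origin in `Access-Control-Allow-Origin` (not `*`), otherwise the response is blocked.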