【发布时间】:2014-01-20 13:04:23
【问题描述】:
我知道有人问过同一问题的不同版本,我已阅读在 SO 和 Google 上可以找到的所有相关问题和答案。
我正在尝试从 angularJS 应用程序向 nginx 服务器发出跨域请求。所有 GET 请求都正常运行,但我的 POST 请求没有。
Chrome 给了我一个“Access-Control-Allow-Origin”错误,所以我在我的 nginx 服务器配置中添加了以下内容:
location / {
if ($http_origin ~* (https?://.*\.mysite\.com(:[0-9]+)?)) {
set $cors "true";
}
if ($request_method = 'OPTIONS') {
set $cors "${cors}options";
}
# non-OPTIONS indicates a normal CORS request
if ($request_method = 'GET') {
set $cors "${cors}get";
}
if ($request_method = 'POST') {
set $cors "${cors}post";
}
# if it's a GET or POST, set the standard CORS responses header
if ($cors = "trueget") {
add_header 'Access-Control-Allow-Origin' "$http_origin";
#add_header 'Access-Control-Allow-Credentials' 'true';
}
if ($cors = "truepost") {
add_header 'Access-Control-Allow-Origin' "$http_origin";
#add_header 'Access-Control-Allow-Credentials' 'true';
}
if ($cors = "trueoptions") {
add_header 'Access-Control-Allow-Origin' "$http_origin";
#add_header 'Access-Control-Allow-Credentials' 'true';
#
# Return special preflight info
#
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since';
add_header 'Content-Length' 0;
add_header 'Content-Type' 'text/plain charset=UTF-8';
return 204;
}
}
OPTIONS 请求返回状态为 204 并按预期添加标头:
Request URL:<code>http://otherSite/shfofx/PHP/Add/addTrade</code>
Request Method:OPTIONS
Status Code:204 No Content
Request Headers
Accept:*/*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:accept, x-requested-with, content-type
Access-Control-Request-Method:POST
AlexaToolbar-ALX_NS_PH:AlexaToolbar/alxg-3.2
Cache-Control:no-cache
Connection:keep-alive
Host:otherSite
Origin:<code>http://test-shf.mysite.com</code>
Pragma:no-cache
Referer:<code>http://test-shf.mysite.com/portfolio</code>
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Response Headersview source
Access-Control-Allow-Headers:Authorization,Content-Type,Accept,Origin,User- Agent,DNT,Cache-Control,X-Mx-ReqToken,X-Requested-With,Keep-Alive,If-Modified-Since
Access-Control-Allow-Methods:GET, POST, OPTIONS
Access-Control-Allow-Origin:<code>http://test-shf.mysite.com</code>
Access-Control-Max-Age:1728000
Connection:keep-alive
Content-Length:0
Content-Type:text/plain charset=UTF-8
Date:Thu, 02 Jan 2014 22:54:58 GMT
Server:nginx/1.2.6 (Ubuntu)
然后我在 Chrome 网络选项卡中看到一个带有 POST 请求的网络调用,该调用被以下控制台输出取消:
XMLHttpRequest cannot load <code>http://otherSite/shfofx/PHP/Add/addTrade</code>.
No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://test-shf.mysite.com' is therefore not allowed access.
已取消的 POST 请求的标头信息为:
Request URL:<code>http://otherSite/shfofx/PHP/Add/addTrade</code>
Request Headers
Accept:application/json, text/plain, */*
Cache-Control:no-cache
Content-Type:application/json;charset=UTF-8
Origin:<code>http://test-shf.mysite.com</code>
Pragma:no-cache
Referer:<code>http://test-shf.mysite.com/portfolio</code>
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
X-Requested-With:XMLHttpRequest
Request Payload
{UserFIID:0, FinancialInstID:4, FinancialInstName:undefined, UserID:1, SHFUserID:1,…}
为什么允许预检 OPTIONS 请求但我的 POST 请求被取消?
【问题讨论】:
标签: angularjs nginx cross-domain cors