【问题标题】:Nginx CORS Policy Issue(Nginx CORS 策略问题)
【发布时间】:2019-03-18 03:43:49
【问题描述】:

我正在尝试在我的 Nginx 容器上设置 CORS 策略。

我已经把它放到我的 Nginx 设置中了:

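server {
    # Plain-HTTP listener for example.com / www.example.com: serves ACME HTTP-01
    # challenge files and redirects every other request to HTTPS.
    listen      80;
    listen [::]:80;
    server_name example.com www.example.com;

    # Prefix match with ^~ instead of the unanchored regex
    # `~ /.well-known/acme-challenge` (where `.` matched any character and the
    # pattern could match anywhere in the URI). Only URIs that start with this
    # path are served from disk over plain HTTP.
    location ^~ /.well-known/acme-challenge/ {
        allow all;
        root /data/letsencrypt;
    }

    # Catch-all: every non-ACME request, images included, is redirected.
    # `return 301` is the direct form of `rewrite ^ ...? permanent`;
    # $request_uri already carries the query string.
    location / {
        return 301 https://$host$request_uri;
    }
}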

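server {
    # Plain-HTTP listener for api.example.com: serves ACME HTTP-01 challenge
    # files and redirects every other request to HTTPS.
    listen        80;
    server_name   api.example.com;

    # Prefix match with ^~ instead of the unanchored regex
    # `~ /.well-known/acme-challenge`, so only URIs that start with this path
    # are served from disk over plain HTTP.
    location ^~ /.well-known/acme-challenge/ {
        allow all;
        root /data/letsencrypt;
    }

    # `return 301` is the direct form of `rewrite ^ ...? permanent`;
    # $request_uri already carries the query string.
    location / {
        return 301 https://$host$request_uri;
    }
}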

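server {
    # Canonical-host redirect: https://example.com/* -> https://www.example.com/*
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.com;

    # `always` attaches the header to every response code, matching the
    # Referrer-Policy line below.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_buffer_size 8k;
    # Only consulted for DHE key exchange; kept in case DHE suites are enabled.
    ssl_dhparam /etc/ssl/certs/dhparam-2048.pem;
    # TLS 1.0 and 1.1 are deprecated and no longer offered. Add TLSv1.3 here
    # when the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    # DH+3DES dropped: 3DES is a 64-bit block cipher and should not be negotiated.
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;
    ssl_ecdh_curve secp384r1;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;
    # Resolver used to look up the OCSP responder for stapling.
    resolver 8.8.8.8;

    return 301 https://www.example.com$request_uri;
}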

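server {
    # TLS front end for www.example.com: terminates HTTPS, serves images from
    # disk and proxies everything else to the local listener on port 11700.
    server_name www.example.com;
    # `ssl` on the listen lines enables TLS; the separate deprecated `ssl on;`
    # directive is not needed and has been removed.
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # `always` attaches the header to every response code, matching the
    # Referrer-Policy line below.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;

    ssl_buffer_size 8k;
    # Only consulted for DHE key exchange; kept in case DHE suites are enabled.
    ssl_dhparam /etc/ssl/certs/dhparam-2048.pem;
    # TLS 1.0 and 1.1 are deprecated and no longer offered. Add TLSv1.3 here
    # when the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    # DH+3DES dropped: 3DES is a 64-bit block cipher and should not be negotiated.
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;
    ssl_ecdh_curve secp384r1;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;
    # Resolver used to look up the OCSP responder for stapling.
    resolver 8.8.8.8 8.8.4.4;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    location / {
        # Source the upstream connection from loopback.
        proxy_bind 127.0.0.1;
        proxy_pass http://localhost:11700;
    }
    # Regex locations win over the `/` prefix, so image requests are answered
    # from disk here and never reach the proxy.
    location ~* \.(?:gif|jpe?g|png|jpg)$ {
        root /some/dir;
    }
}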

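server {
    # TLS front end for api.example.com: terminates HTTPS and proxies every
    # request to the local listener on port 11900.
    #
    # NOTE(review): nothing in this vhost emits Access-Control-Allow-Origin, so
    # a cross-origin XHR from https://www.example.com is blocked by the browser
    # unless the upstream adds the header itself. If it is added here, use the
    # full origin (scheme + host) as the value, pass `always`, and make sure
    # OPTIONS preflight requests receive a 2xx response.
    server_name api.example.com;
    # `ssl` on the listen lines enables TLS; the separate deprecated `ssl on;`
    # directive is not needed and has been removed.
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # `always` attaches the header to every response code, matching the
    # Referrer-Policy line below.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;

    ssl_buffer_size 8k;
    # Only consulted for DHE key exchange; kept in case DHE suites are enabled.
    ssl_dhparam /etc/ssl/certs/dhparam-2048.pem;
    # TLS 1.0 and 1.1 are deprecated and no longer offered. Add TLSv1.3 here
    # when the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    # DH+3DES dropped: 3DES is a 64-bit block cipher and should not be negotiated.
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;
    ssl_ecdh_curve secp384r1;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;
    # Resolver used to look up the OCSP responder for stapling.
    resolver 8.8.8.8 8.8.4.4;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    location / {
        # Source the upstream connection from loopback.
        proxy_bind 127.0.0.1;
        proxy_pass http://localhost:11900;
    }
}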

server {
    # Internal static-site backend; the www.example.com vhost proxies to this port.
    # NOTE(review): `listen 11700` names no address, so it binds every interface
    # and answers plain HTTP. If only the local proxy should reach it,
    # `listen 127.0.0.1:11700;` keeps it off the network — confirm nothing else
    # connects to this port.
    listen        11700;
    server_name   localhost;
    index index.html index.htm;
    charset utf-8;
    root /some/other/dir;
    client_max_body_size 100M;
    # No fastcgi_pass is visible in this server, so this timeout looks unused here.
    fastcgi_read_timeout 1800;
    # Serve the file or directory if it exists, otherwise fall back to index.html
    # via the named location below.
    location / {
        try_files $uri $uri/ @rewrites;
    }
    location @rewrites {
        rewrite ^(.+)$ /index.html last;
    }
    # Static assets: far-future expiry plus explicit caching headers.
    # NOTE(review): `expires max` already sets Cache-Control, so the add_header
    # below results in a second Cache-Control header on these responses.
    location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
        expires max;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    }
}
server {
    # Internal API backend; the api.example.com vhost proxies to this port.
    # NOTE(review): `listen 11900` names no address, so it binds every interface
    # and answers plain HTTP. If only the local proxy should reach it,
    # `listen 127.0.0.1:11900;` keeps it off the network — confirm nothing else
    # connects to this port.
    listen        11900;
    server_name   localhost;
    root /some/another/di/r;
    index index.php index.html index.htm;
    charset utf-8;
    client_max_body_size 100M;
    fastcgi_read_timeout 1800;
    location / {
        # Prefix the URI with /api and stop rewrite processing in this location.
        rewrite ^(/.*)$ /api$1 break;
        # NOTE(review): this targets port 80 on loopback, where the port-80
        # servers in this file only issue HTTPS redirects (apart from ACME
        # files) — confirm this is the intended upstream.
        proxy_pass http://127.0.0.1;
        proxy_set_header Host $host;
        # NOTE(review): the front-end vhost sets no forwarding headers, so
        # $remote_addr here is presumably the loopback proxy and any
        # X-Forwarded-For value comes straight from the client; an upstream
        # should not use it for access decisions — verify.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect    off;
        # NOTE(review): try_files is evaluated before the proxy handler; when no
        # matching file exists the request is redirected internally to
        # /index.php, so proxy_pass is likely reached only for existing files
        # — confirm which path is meant to serve the API.
        try_files $uri $uri/ /index.php?_url=$uri&$args;
    }
    # PHP requests, including PATH_INFO-style URIs (/x.php/extra).
    location ~ [^/]\.php(/|$) {
        fastcgi_pass  php-fpm:9000;
        fastcgi_index /index.php;
        include fastcgi_params;
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        # Reject the request unless the script part maps to a real file under
        # the document root, so a URI that merely contains ".php" is not handed
        # to PHP-FPM.
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }
        fastcgi_param PATH_INFO       $fastcgi_path_info;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;
        # NOTE(review): fastcgi_params is included a second time here; if that
        # file defines any parameter set above, it will be sent twice.
        include fastcgi_params;
    }
    # Block access to .ht* files (e.g. .htaccess, .htpasswd).
    location ~ /\.ht {
        deny all;
    }
}

当我尝试启动测试时,我收到 XMLHttpRequest 错误:

从源 'https://www.example.com' 访问位于 'https://api.example.com/some/url/index?page=1' 的 XMLHttpRequest 已被 CORS 策略阻止:对预检请求的响应未通过访问控制检查:请求的资源上不存在“Access-Control-Allow-Origin”标头。

可能是什么?

【问题讨论】:

  • 应该放在哪一行?我查看了此文档,但没有得到任何结果。请指出它应该放在哪里。

标签: docker nginx cors


【解决方案1】:

您需要允许从您的 api 域 api.example.com 上的 www.example.com 访问,因此在 api.example.com 的虚拟主机中,在 server_name 或其他 add_header 指令下添加以下行:

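# Header name and value are two separate arguments. The value must be the full
# origin (scheme + host) exactly as the browser sends it in the Origin header.
# `always` also attaches the header to error responses.
add_header 'Access-Control-Allow-Origin' 'https://www.example.com' always;
# The preflight (OPTIONS) response must also return a 2xx status and carry the
# Access-Control-Allow-Methods / Access-Control-Allow-Headers values the
# request needs; this one header alone does not satisfy a preflight.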

有关 CORS 的更多信息,您可以查看以下内容:

【讨论】:

  • 确认一下,您是通过 www.example.com 访问 api 吗?