docker - Nginx CORS 政策问题
问题描述
我正在尝试在我的 Nginx 容器上设置 CORS 策略。
我把它放到我的 Nginx 设置中:
# Plain-HTTP entry for the main site: everything is redirected to HTTPS except
# the ACME (Let's Encrypt) challenge path, which must stay reachable on port 80.
server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;
    location / {
        # Permanent (301) redirect to the HTTPS origin. $request_uri already
        # carries the query string; the trailing "?" stops nginx appending it again.
        rewrite ^ https://$host$request_uri? permanent;
    }
    # NOTE(review): this regex is unanchored and the "." is unescaped, so it
    # matches the string anywhere in the URI; a prefix location
    # (`location ^~ /.well-known/acme-challenge/`) would be tighter.
    location ~ /.well-known/acme-challenge {
        allow all;
        root /data/letsencrypt;
    }
    # Image URLs get the same redirect as "location /", so this block is
    # redundant; "jpg" is also already covered by "jpe?g".
    location ~* \.(?:gif|jpe?g|png|jpg)$ {
        rewrite ^ https://$host$request_uri? permanent;
    }
}
# Plain-HTTP entry for the API host: redirect to HTTPS, except the ACME
# challenge path used for certificate issuance/renewal.
server {
    listen 80;
    server_name api.example.com;
    location / {
        # 301 to the HTTPS origin; "?" prevents the query string being appended twice.
        rewrite ^ https://$host$request_uri? permanent;
    }
    # NOTE(review): same unanchored regex as the main site block; a prefix
    # location (`^~`) would avoid matching the path elsewhere in the URI.
    location ~ /.well-known/acme-challenge {
        allow all;
        root /data/letsencrypt;
    }
}
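# HTTPS entry for the bare domain: terminate TLS, then send every request to
# the canonical www host with a permanent redirect.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.com;
    # "always" makes nginx emit these headers on every status code (including
    # error responses); without it only the default 2xx/3xx set carries them.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_buffer_size 8k;
    ssl_dhparam /etc/ssl/certs/dhparam-2048.pem;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and were only ever needed for
    # very old clients. Drop TLSv1.3 from this list if the nginx/OpenSSL build
    # in the container does not support it.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    # DH+3DES removed: 3DES is a 64-bit block cipher and is considered weak;
    # only ECDHE with AES (GCM preferred) remains.
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;
    ssl_ecdh_curve secp384r1;
    ssl_session_tickets off;
    # OCSP stapling; the resolver is what nginx uses to reach the OCSP responder.
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8;
    return 301 https://www.example.com$request_uri;
}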
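# Canonical site (www): TLS termination, then reverse proxy to the static
# front-end server listening on port 11700; images are served from disk.
server {
    server_name www.example.com;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    # "always" makes nginx emit these headers on every status code (including
    # error responses); without it only the default 2xx/3xx set carries them.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    # "ssl on;" dropped: it is deprecated and the "ssl" parameter on the listen
    # directives above already enables TLS for this server.
    ssl_buffer_size 8k;
    ssl_dhparam /etc/ssl/certs/dhparam-2048.pem;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); drop TLSv1.3 from this list if
    # the nginx/OpenSSL build in the container does not support it.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    # DH+3DES removed: 3DES is a 64-bit block cipher and is considered weak.
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;
    ssl_ecdh_curve secp384r1;
    ssl_session_tickets off;
    # OCSP stapling; the resolvers are what nginx uses to reach the OCSP responder.
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    location / {
        # Upstream connection is made from the loopback address to the internal
        # front-end server (plain HTTP, same host).
        proxy_bind 127.0.0.1;
        proxy_pass http://localhost:11700;
    }
    # Images bypass the proxy and are served straight from disk
    # ("jpg" is already covered by "jpe?g").
    location ~* \.(?:gif|jpe?g|png|jpg)$ {
        root /some/dir;
    }
}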
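# API host: TLS termination, then reverse proxy to the internal API server
# listening on port 11900.
#
# NOTE(review): if a CORS header is added inside "location /" rather than at
# server level, nginx does NOT merge it with the server-level add_header
# directives — a location with its own add_header replaces all inherited ones,
# so the HSTS and Referrer-Policy lines would have to be repeated there.
server {
    server_name api.example.com;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    # "always" makes nginx emit these headers on every status code (including
    # error responses); without it only the default 2xx/3xx set carries them.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    # "ssl on;" dropped: it is deprecated and the "ssl" parameter on the listen
    # directives above already enables TLS for this server.
    ssl_buffer_size 8k;
    ssl_dhparam /etc/ssl/certs/dhparam-2048.pem;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); drop TLSv1.3 from this list if
    # the nginx/OpenSSL build in the container does not support it.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    # DH+3DES removed: 3DES is a 64-bit block cipher and is considered weak.
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;
    ssl_ecdh_curve secp384r1;
    ssl_session_tickets off;
    # OCSP stapling; the resolvers are what nginx uses to reach the OCSP responder.
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    location / {
        # Upstream connection is made from the loopback address to the internal
        # API server (plain HTTP, same host).
        proxy_bind 127.0.0.1;
        proxy_pass http://localhost:11900;
    }
}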
# Internal front-end server (static files + SPA fallback). Only the TLS server
# for www.example.com should talk to it, via http://localhost:11700.
server {
    # NOTE(review): "listen 11700" binds every interface. If this container port
    # is ever published, the app becomes reachable without TLS/HSTS; binding to
    # loopback (`listen 127.0.0.1:11700;`) restricts it to the proxy on this host.
    listen 11700;
    server_name localhost;
    index index.html index.htm;
    charset utf-8;
    root /some/other/dir;
    client_max_body_size 100M;
    # No fastcgi_pass in this server, so this timeout has no effect here.
    fastcgi_read_timeout 1800;
    location / {
        # Serve the file or directory if it exists, otherwise hand off to @rewrites.
        try_files $uri $uri/ @rewrites;
    }
    location @rewrites {
        # SPA fallback: every unmatched path is served by /index.html.
        rewrite ^(.+)$ /index.html last;
    }
    # Long-lived caching for static assets.
    location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
        expires max;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    }
}
# Internal API server (PHP via FastCGI). Only the TLS server for
# api.example.com should talk to it, via http://localhost:11900.
server {
    # NOTE(review): "listen 11900" binds every interface; see the 11700 server —
    # binding to loopback (`listen 127.0.0.1:11900;`) keeps it proxy-only.
    listen 11900;
    server_name localhost;
    root /some/another/di/r;
    index index.php index.html index.htm;
    charset utf-8;
    client_max_body_size 100M;
    fastcgi_read_timeout 1800;
    location / {
        # Prefix the request path with /api and stop rewrite processing.
        rewrite ^(/.*)$ /api$1 break;
        # NOTE(review): proxy_pass with no port targets port 80 of this same
        # nginx, whose servers only redirect to HTTPS; and the try_files below
        # falls back to an internal redirect to /index.php. It is not obvious
        # from here that proxy_pass is ever reached — confirm which is intended.
        proxy_pass http://127.0.0.1;
        # Client identity forwarded to the upstream; X-Forwarded-Proto is fixed
        # to https because this server is only reached behind the TLS front end.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect off;
        try_files $uri $uri/ /index.php?_url=$uri&$args;
    }
    # PHP handler; matches "/x.php" and "/x.php/extra/path".
    location ~ [^/]\.php(/|$) {
        fastcgi_pass php-fpm:9000;
        fastcgi_index /index.php;
        include fastcgi_params;
        # Split "/x.php/extra" into the script name and PATH_INFO.
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        # Refuse requests whose .php script does not exist on disk. This is the
        # usual guard against non-PHP files (e.g. uploads) being executed as PHP
        # through path-info; it runs after the split, so $fastcgi_script_name is
        # the real script path.
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;
        # NOTE(review): second include of fastcgi_params (see above). Redundant
        # with the stock file; if the file was edited to set SCRIPT_FILENAME it
        # may override the line above — confirm and remove one of the two.
        include fastcgi_params;
    }
    # Block .htaccess / .htpasswd. Other dotfiles are not covered by this
    # pattern; `location ~ /\. { deny all; }` would cover them all (this
    # server does not serve /.well-known, so it would not break ACME).
    location ~ /\.ht {
        deny all;
    }
}
当我尝试启动测试时,我收到 XMLHttpRequest 错误:
从源“https://www.example.com”访问“https://api.example.com/some/url/index?page=1”处的 XMLHttpRequest 已被 CORS 策略阻止:对预检请求的响应未通过访问控制检查:请求的资源上不存在 'Access-Control-Allow-Origin' 标头。
它可能是什么?
解决方案
您需要允许从 www.example.com 访问您的 api 域 api.example.com。因此,在 api.example.com 的虚拟主机中(即 server_name 为 api.example.com 的 server 块),在其他 add_header 指令之下添加以下行:
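# CORS response header for the API host.
# add_header takes the header name and the value as two separate arguments
# (the original single quoted string is rejected by nginx as an invalid number
# of arguments). The value must be an origin (scheme + host), and "always"
# makes nginx send it on error responses as well, not only on 2xx/3xx.
# If the front end sends custom request headers or non-simple methods, the
# preflight also needs Access-Control-Allow-Methods / Access-Control-Allow-Headers.
add_header 'Access-Control-Allow-Origin' 'https://www.example.com' always;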
有关 CORS 的更多信息,您可以查看以下内容: