时间戳

首页 > 解决方案 > NGINX CORS 问题

ajax - NGINX CORS 问题

问题描述

有一台NGINX 1.16的服务器,用于通过AJAX上传文件

这里是NGINX文件的配置设置

location ~ \.php$ {
include snippets/fastcgi-php.conf;
#
# With php-fpm (or other unix sockets):
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
# With php-cgi (or other tcp sockets):
#fastcgi_pass 127.0.0.1:9000;
if ($request_method = "OPTIONS") {
    add_header Access-Control-Allow-Origin 'http://myserver.com';
    add_header Access-Control-Allow-Credentials false;
    add_header Access-Control-Allow-Methods 'DELETE,GET,OPTIONS,POST,PUT';
    add_header Access-Control-Allow-Headers 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,X-Token-Auth,X-Mx-ReqToken,X-Requested-With';
    add_header 'Access-Control-Max-Age' 1728000;
    add_header 'Content-Type' 'text/plain charset=UTF-8';
    add_header 'Content-Length' 0;

    return 204;
}

add_header Access-Control-Allow-Origin 'http://myserver.com';
add_header Access-Control-Allow-Credentials true;
add_header Access-Control-Allow-Methods 'DELETE,GET,OPTIONS,POST,PUT';
add_header Access-Control-Allow-Headers 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,X-Token-Auth,X-Mx-ReqToken,X-Requested-With';
}

这是 CURL 的测试结果

在此处输入图像描述

当您尝试上传文件时,控制台中会显示 CORS 错误

在此处输入图像描述

也许有人在服务器上打开СORS时遇到了类似的行为,但仍然弹出错误?

UPD:还注意到标题未显示在浏览器中。有一种假设是这个原因,但是如何“强制”服务器给出标头呢?

在此处输入图像描述

标签: ajaxnginxcors

解决方案

add_header Access-Control-Allow-Origin ' http://myserver.com '; 你的设置是错误的。

   location / {
         if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            #
            # Custom headers and headers various browsers *should* be OK with but aren't
            #
            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
            #
            # Tell client that this pre-flight info is valid for 20 days
            #
            add_header 'Access-Control-Max-Age' 1728000;
            add_header 'Content-Type' 'text/plain; charset=utf-8';
            add_header 'Content-Length' 0;
            return 204;
         }
         if ($request_method = 'POST') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
            add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
         }
         if ($request_method = 'GET') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
            add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
         }
    }

推荐阅读