取消Access-Control-Allow-Origin:* 之后反而没有跨域问题?
提问于2021-01-08 10:31
浏览 1.3k
我在浏览器里打开前端页面,提示图中的跨域问题,我将allow的所有限制开放到最广,也没用。
最后注释了 add_header Access-Control-Allow-Origin '*'; 没想到 跨域提示就没有了,为什么会这样?
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
use epoll;
worker_connections 1024;
}
http {
server {
listen 80;
server_name apmserver.xxxxxxxx;
charset utf-8;
access_log main;
location / {
# add_header Access-Control-Allow-Origin '*';
add_header Access-Control-Allow-Credentials 'true';
add_header Access-Control-Allow-Methods 'GET,PUT,POST,OPTIONS,DELETE';
add_header Access-Control-Allow-Headers '*';
proxy_pass http://192.168.10.145:8200;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /static {
access_log off;
expires 30d;
alias /app/static;
}
}
server {
listen 443 ssl;
server_name apmserver.xxxxxxxx;
ssl_certificate /usr/local/nginx/cert/lonsid.pem;
ssl_certificate_key /usr/local/nginx/cert/lonsid.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
# add_header Access-Control-Allow-Origin '*';
add_header Access-Control-Allow-Methods 'GET,POST,OPTIONS';
add_header Access-Control-Allow-Headers '*';
add_header Access-Control-Allow-Credentials 'true';
proxy_pass http://192.168.10.145:8200;
proxy_set_header Host $http_host;
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /static {
access_log off;
expires 30d;
alias /app/static;
}
}
}
已修改于2023-03-17 02:12
写下您的回答
全部回答(1)
按点赞数排序
按时间排序
相关问答
URL必须符合规则,基于规则,/id=544422是fragment,而浏览器是不会将fragment发送给服务器的,因此所有广为使用的代理服务器都不会转发#后的fragment,Nginx的任何变量也取不到它,这更多是从web安全问题角度出发的。如果你确实想把#号传给上游,应当在请求端做URL编码,不把/id=544422当成fragment
点赞 0
浏览 5.2k点赞 0浏览 323保持联系
微信公众号
加入微信群
开放 · 包容 · 沟通 · 贡献
Copyright © F5, Inc. All Rights Reserved. F5 版权所有
