Nginx 和启用 CORS

Question

NGINX 配置未启用 CORS

我整天都在搜索如何启用交叉请求，但到目前为止我一无所获，我有一个 Angular 应用程序在 127.0.0.1:3081/3080 上提供服务，我希望它向一个 API 发出 CORS 请求当前在运行 nginx 1.11 的 vagrant 虚拟机上运行。

server {
listen 80;
listen 443 ssl http2;
server_name harzreisen.test;
root "/home/vagrant/Code/harzreisen2/harzreisen-server/api";

index index.html index.htm index.php;

charset utf-8;

access_log off;
error_log  /var/log/nginx/harzreisen.test-error.log error;

sendfile off;

client_max_body_size 100m;

location / {

  dav_methods PUT DELETE MKCOL COPY MOVE;

  # Preflighted requestis
  if ($request_method = OPTIONS) {
    add_header "Access-Control-Allow-Origin" *;
    add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD, DELETE";
    add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept";
    return 200;
  }

  # CORS WHITELIST EVERYTHING
  # This is allowing everything because I am running
  # locally so there should be no security issues.
  if ($request_method = (GET|POST|OPTIONS|HEAD|DELETE)) {
    add_header "Access-Control-Allow-Origin" *;
    add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept";
  }

   try_files $uri $uri/ /index.php$is_args$args;
}
}

只是网站没有达到 POST 请求，它给了我 200 个选项，仅此而已.. 有人可以解释我发生了什么吗？

Answer 1

我建议在 nginx.conf 上使用more_set_headers 而不是add_header；按照你的例子：

    more_set_headers "Access-Control-Allow-Origin" *;
    more_set_headers "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD, DELETE";
    more_set_headers "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept";
    (...)

more_set_headers 指令是 HttpHeadersMore 模块的一部分，该模块包含在 nginx 的 nginx-extras flavor 中，您可以通过以下操作将其安装在 ubuntu 16 上：

sudo apt-get install nginx-extras