This topic created in 3328 days ago, the information mentioned may be changed or developed.
参考的教程如下: http://serverfault.com/questions/162429/how-do-i-add-access-control-allow-origin-in-nginx 和 http://www.tuicool.com/articles/3aaQB3b 和 https://segmentfault.com/q/1010000003116113
自己尝试在 nginx.conf 文件中添加了
location / {
add_header Access-Control-Allow-Origin *;
}
和
location / {
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
#
# Om nom nom cookies
#
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
#
# Custom headers and headers various browsers *should* be OK with but aren't
#
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
#
# Tell client that this pre-flight info is valid for 20 days
#
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=';
add_header 'Content-Length' 0;
return 204;
}
if ($request_method = 'POST') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
}
if ($request_method = 'GET') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
}
}
丝毫不起作用,求助后端伙伴们,怎么搞?
console 里面的错误(不知道如何贴图,就只能贴 error 了)如下:
XMLHttpRequest cannot load https://www.mydomain.com/?/ac... No 'Access-Control-Allow-Origin' header is present on the https://www.mydomain.com/?/ac... requested resource. Origin 'https://www.mydomain.com' is therefore not allowed access.
自己尝试在 nginx.conf 文件中添加了
location / {
add_header Access-Control-Allow-Origin *;
}
和
location / {
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
#
# Om nom nom cookies
#
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
#
# Custom headers and headers various browsers *should* be OK with but aren't
#
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
#
# Tell client that this pre-flight info is valid for 20 days
#
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=';
add_header 'Content-Length' 0;
return 204;
}
if ($request_method = 'POST') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
}
if ($request_method = 'GET') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
}
}
丝毫不起作用,求助后端伙伴们,怎么搞?
console 里面的错误(不知道如何贴图,就只能贴 error 了)如下:
XMLHttpRequest cannot load https://www.mydomain.com/?/ac... No 'Access-Control-Allow-Origin' header is present on the https://www.mydomain.com/?/ac... requested resource. Origin 'https://www.mydomain.com' is therefore not allowed access.
43 replies 2017-03-29 10:37:54 +08:00
 | 2 kmdd33 OP  1 |
 | 3 ferrum Mar 27, 2017 别上来就贴一大堆格式乱了的配置啊,起码得说具体点吧。 |
 | 4 fanwei Mar 27, 2017 确实应该说清楚环境。比如油猴脚本里如果用 jquery 怎么设置都会有上面这个提示。必须用对应的 GM 函数。 |
| 6 kmdd33 OP |
 | 7 johnny23 Mar 27, 2017 via iPhone 我以前遇到这些问题 一怒之下把所有接口都做成 jsonp |
 | 10 ikaros Mar 27, 2017 我记得设置 * 好像是没用的, console 里的提示记得就是说当前 host 和*不匹配之类的, 你是真的需求让所有外部都可以访问? 我当时因为只有两个 host 需要做这个,于是就把这两个 host 存在一个 list 里面,然后看来访的 host 是不是在这个 list 里面,在的话就把这个 host 加到 header 里面 |
 | 11 Numbcoder Mar 27, 2017 把 add_header 'Access-Control-Allow-Origin' '*'; 改成 add_header Access-Control-Allow-Origin $http_origin; 试试 |
| 13 kmdd33 OP @ikaros 请问具体你是如何添加的呢?如果把*换成 https://www.mydomain.com. 放在自己的 Nginx.conf 文件里面,还是不行啊 |
 | 15 Showfom PRO 你没指定文件的后缀 我们的配置给你参考 # Cross domain webfont access location = /favicon.ico { log_not_found off; access_log off; } location = /robots.txt { log_not_found off; access_log off; allow all; } location ~* .(ogg|ogv|mp4|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ { add_header "Access-Control-Allow-Origin" "*"; add_header "Timing-Allow-Origin" "*"; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; expires max; log_not_found off; } location ~* .(ttf|ttc|otf|eot|woff|woff2|svg|svgz)$ { add_header "Access-Control-Allow-Origin" "*"; add_header "Timing-Allow-Origin" "*"; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; expires max; log_not_found off; } |
| 16 Showfom PRO preload 那段头部不是 https 可以忽略 |
 | 18 binux Mar 28, 2017 把返回头发出来啊, console 没有用 |
 | 22 jugelizi Mar 28, 2017 如果你要 post 就不能 * 要指定域名就可以了 |
 | 23 MinonHeart Mar 28, 2017 Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: * 这两个不能一起用。 Credentials 为 true , Access-Control-Allow-Origin 使用具体的值 |
| 24 kmdd33 OP |
| 27 kmdd33 OP |
| 28 MinonHeart Mar 28, 2017 @kmdd33 你截图中的 origin 还是* |
 | 29 jswh Mar 28, 2017 ajax 在发送正式数据之前会先用 HEAD 请求一次。你 HEAD 没有加 Access-Control-Allow-Origin |
| 31 kmdd33 OP @MinonHeart 现在 Access-Control-Allow-Origin 里面既有*也有 https://www.mydomain.com , 我把我的 nginx.conf 也截图了,您再分析一下怎么回事? https://cl.ly/2Z3S3W1Y0j3F/annotate ( header 头) https://cl.ly/0O0f2Q402R3R/annotate ( nginx.conf 截图) |
 | 33 yoke123 Mar 28, 2017 |
 | 34 Dlad Mar 28, 2017 后端代码里输出 Access-Control-Allow-Origin 头就可以了,现代浏览器都认识。 ie8 需要引入额外的 js ,并对 ajax 请求有一定要求。 |
 | 35 ljcarsenal Mar 28, 2017 你看看是不是报错的请求之前有个 option 方法的请求 |
 | 36 shuson Mar 28, 2017 cors 配置没问题,应该是其他没注意到的地方的问题 |
| 37 MinonHeart Mar 28, 2017 headers 中的同一个项不能多配,这东西又不是随便配的 最终配出来是 Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: access-origin |
 | 38 banksiae Mar 28, 2017 噗噗,前几天刚遇到这个问题, Access-Control-Allow-Origin 的问题,后端 set_header ; cookie 的问题,统一域名或者 url 后面加上类 cookie 就行了 |
 | 39 qinxi Mar 28, 2017 其实反向代理可以解决跨域,还是服务端无感知的 |
 | 42 030 Mar 29, 2017 我前几天换 CloudFront 也碰到过这个,不过加了 add_header Access-Control-Allow-Origin *; 就好了,问题只是 CloudFront 会把 header cache ,好像和主题什么关系 |
Select Language