[nginx] CORS配置多域名详解程序员
2023-06-13 09:20:02 时间
access_log /var/log/nginx/www.your.com_access.log;
error_log /var/log/nginx/www.your.com_error.log;
set $cors_origin "";
if ( $http_origin ~ https?://.*.(a|b).com ) {
set $cors_origin $http_origin;
add_header Access-Control-Allow-Origin $cors_origin;
curl测试跨域是否生效,a.jpg要存在,查看Access-Control-Allow-Origin字段。
[[email protected] /usr/local/nginx/conf/conf.d]# curl -I -H "Origin: https://test.a.com" https://www.your.com/a.jpg HTTP/1.1 200 OK Date: Sun, 05 May 2019 06:12:53 GMT Content-Type: image/jpeg Content-Length: 134100 Connection: keep-alive Last-Modified: Tue, 05 Mar 2019 07:01:43 GMT ETag: "5c7e1ed7-20bd4" Expires: Tue, 04 Jun 2019 06:12:53 GMT Cache-Control: max-age=2592000 Access-Control-Allow-Origin: https://test.a.com Accept-Ranges: bytes
一个较完整的CORS,引用自https://enable-cors.org/server_nginx.html
[[email protected] /usr/local/nginx/conf/conf.d]# cat nginx_cors
if ($request_method = OPTIONS) {
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods GET, POST, OPTIONS;
# Custom headers and headers various browsers *should* be OK with but arent
add_header Access-Control-Allow-Headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type;
# Tell client that this pre-flight info is valid for 20 days
add_header Access-Control-Max-Age 1728000;
add_header Content-Type text/plain charset=UTF-8;
add_header Content-Length 0;
return 204;
if ($request_method = POST) {
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods GET, POST, OPTIONS;
add_header Access-Control-Allow-Headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type;
if ($request_method = GET) {
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods GET, POST, OPTIONS;
add_header Access-Control-Allow-Headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type;
原创文章,作者:ItWorker,如若转载,请注明出处:https://blog.ytso.com/2395.html
服务器部署程序员系统优化网站设置运维相关文章
- HaProxy 安装搭建配置
- WinServer2012配置AD域
- Nginx配置文件(nginx.conf)配置详解
- Nginx 配置中nginx和alias的区别分析
- Druid 介绍及配置「建议收藏」
- 怎么新建pytest的ini文件_pytest.ini配置
- allure安装配置「建议收藏」
- 华为交换机vlan配置教程
- nginx禁止ip访问,允许域名访问如何配置
- 使用nginx配置一个ip对应多个域名
- redirect_uri 域名与后台配置不一致 10003 解决方案
- 各平台小程序referer防盗链配置域名
- MAC 下配置 XAMPP 实现多站点绑定本地域名遇到的问题
- 用脚本收集centos7物理服务器的配置信息
- 微信登陆公众号失败显示:redirect_uri域名与后台配置不一致,错误码:10003,这是为什么?
- Linux下快速配置SSL证书(linux配置ssl)
- Linux下配置多个域名的步骤(linux多个域名)
- 微信扫普通链接二维码打开小程序 业务域名配置指南
- 配置Linux下虚拟域名配置指南(linux虚拟域名)
- Linux下配置域名服务器的步骤(linux配置域名服务器)
- Linux轻松配置SMTP服务器(linux 启动smtp)