Nginx Swoole 代理上的 CORS 配置是什么?
What's the config for CORS on a Nginx Swoole proxy?
这让我一直很沮丧。我一直在听经典台词:
No 'Access-Control-Allow-Origin' header is present on the requested
resource.
我是 运行 Ubuntu 16.04 上的最新稳定版 Nginx,Swoole 服务器配置为处理 PHP 中的 Laravel PHP 请求7.2.据我所知,一切正常。
Laravel api 在一个子域上,前端是在另一个子域上的 angular。到目前为止一切正常,所以我一直在尝试在后端站点上配置 CORS。
尽管配置了它,但它并没有识别出它的存在。是的,我每次更新配置时都会重新启动 nginx。出于开发目的,目前缓存已关闭。 Nginx 配置缩短如下:
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80;
listen [::]:80;
root /var/www/sub.example.com/;
index index.php;
server_name sub.example.com www.sub.example.com;
[redirect 301 part]
[php location]
}
## https://example.com redirects to https://www.example.com
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.sub.example.com;
[SSL certs]
[redirect 301 to sub.example.com]
}
## Serves https://sub.example.com
server {
server_name lhb.luminuxlab.com;
listen 443 ssl http2 ;
listen [::]:443 ssl http2;
[SSL certs]
root /var/www/sub.example.com;
index index.php;
location / {
try_files $uri $uri/ /index.php?@swoole;
}
[php stuff]
location @swoole {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow_Credentials' 'true';
add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Ra$
add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE,PATCH';
proxy_set_header Host $http_host;
proxy_set_header Scheme $scheme;
proxy_set_header SERVER_PORT $server_port;
proxy_set_header REMOTE_ADDR $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
# IF https
proxy_set_header HTTPS "on";
proxy_pass http://127.0.0.1:1215$query_string;
}
}
我试过将 headers 转移到许多不同的地方,但我没有运气改变响应,用 curl
ping 服务器
curl -H "Access-Control-Request-Method: GET" -H "Origin: http://front.example.com" --head http://back.example.com/
没有提供任何有用的信息,并且似乎没有包含 CORS header。我尝试了 CORS header 命令的不同变体和配置,但没有响应。
有人知道可能出了什么问题吗?
好的,问题解决了。经过更多的实验,我发现访问控制 headers 的正确位置是在代理重定向到 swoole 之前的最终 https 重定向中。像这样:
## Serves https://sub.example.com
server {
server_name sub.example.com;
listen 443 ssl http2 ;
listen [::]:443 ssl http2;
[ssl stuff]
add_header 'Access-Control-Allow-Origin' 'https://front.example.com';
add_header 'Access-Control-Allow_Credentials' 'true';
add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,Content-Type,Content-Range,Range';
add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS';
root /var/www/sub.example.com/;
....
location @swoole {
....
proxy_pass http://127.0.0.1:1215$query_string;
}
}
希望这对以后的人有所帮助。
这让我一直很沮丧。我一直在听经典台词:
No 'Access-Control-Allow-Origin' header is present on the requested resource.
我是 运行 Ubuntu 16.04 上的最新稳定版 Nginx,Swoole 服务器配置为处理 PHP 中的 Laravel PHP 请求7.2.据我所知,一切正常。
Laravel api 在一个子域上,前端是在另一个子域上的 angular。到目前为止一切正常,所以我一直在尝试在后端站点上配置 CORS。
尽管配置了它,但它并没有识别出它的存在。是的,我每次更新配置时都会重新启动 nginx。出于开发目的,目前缓存已关闭。 Nginx 配置缩短如下:
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80;
listen [::]:80;
root /var/www/sub.example.com/;
index index.php;
server_name sub.example.com www.sub.example.com;
[redirect 301 part]
[php location]
}
## https://example.com redirects to https://www.example.com
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.sub.example.com;
[SSL certs]
[redirect 301 to sub.example.com]
}
## Serves https://sub.example.com
server {
server_name lhb.luminuxlab.com;
listen 443 ssl http2 ;
listen [::]:443 ssl http2;
[SSL certs]
root /var/www/sub.example.com;
index index.php;
location / {
try_files $uri $uri/ /index.php?@swoole;
}
[php stuff]
location @swoole {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow_Credentials' 'true';
add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Ra$
add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE,PATCH';
proxy_set_header Host $http_host;
proxy_set_header Scheme $scheme;
proxy_set_header SERVER_PORT $server_port;
proxy_set_header REMOTE_ADDR $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
# IF https
proxy_set_header HTTPS "on";
proxy_pass http://127.0.0.1:1215$query_string;
}
}
我试过将 headers 转移到许多不同的地方,但我没有运气改变响应,用 curl
ping 服务器curl -H "Access-Control-Request-Method: GET" -H "Origin: http://front.example.com" --head http://back.example.com/
没有提供任何有用的信息,并且似乎没有包含 CORS header。我尝试了 CORS header 命令的不同变体和配置,但没有响应。
有人知道可能出了什么问题吗?
好的,问题解决了。经过更多的实验,我发现访问控制 headers 的正确位置是在代理重定向到 swoole 之前的最终 https 重定向中。像这样:
## Serves https://sub.example.com
server {
server_name sub.example.com;
listen 443 ssl http2 ;
listen [::]:443 ssl http2;
[ssl stuff]
add_header 'Access-Control-Allow-Origin' 'https://front.example.com';
add_header 'Access-Control-Allow_Credentials' 'true';
add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,Content-Type,Content-Range,Range';
add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS';
root /var/www/sub.example.com/;
....
location @swoole {
....
proxy_pass http://127.0.0.1:1215$query_string;
}
}
希望这对以后的人有所帮助。