"no-referrer-when-downgrade error" Angular Firebase 上的应用连接到 NGINX Jelastic
"no-referrer-when-downgrade error" Angular app on Firebase connecting to NGINX Jelastic
我有以下架构:
- 在 Google Firebase (HTTPS) 上托管的 Angular 网络应用程序
- 一个充满活力的环境:
- 一个 NGINX 服务器 (HTTPS)
- 一个 Springboot 2 应用服务器 (HTTP)
为了正常工作,Firebase 需要使用 HTTPS API,所以我向 NGINX 服务器添加了一个 SSL 证书和一个 public IP。如果我使用来自邮递员的 HTTP 调用 API,则调用工作正常。但是,如果我从 firebase 中的 Angular 应用程序调用 API HTTPS,它就不起作用,我会收到此错误:"Referrer Policy: no-referrer-when-downgrade" - net::ERR_CONNECTION_REFUSED.
我看到了 个问题,但我无法解决问题。
这是 nginx 配置文件。我用 XXX.XXX.XXX.XXX
替换了 IP 地址
######## HTTP SECTION PROTOTYPE ########
http {
server_tokens off ;
include /etc/nginx/mime.types;
default_type application/octet-stream;
set_real_ip_from 192.168.0.0/16;
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.16.0.0/16;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
log_format main '$remote_addr:$http_x_remote_port - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'"$host" sn="$server_name" '
'rt=$request_time '
'ua="$upstream_addr" us="$upstream_status" '
'ut="$upstream_response_time" ul="$upstream_response_length" '
'cs=$upstream_cache_status' ;
client_header_timeout 10m;
client_body_timeout 10m;
send_timeout 10m;
client_max_body_size 100m;
connection_pool_size 256;
client_header_buffer_size 1k;
large_client_header_buffers 4 2k;
request_pool_size 4k;
# gzip on;
gzip_min_length 1100;
gzip_buffers 4 8k;
gzip_types text/plain;
output_buffers 1 32k;
postpone_output 1460;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 75 20;
ignore_invalid_headers on;
map $upstream_addr $group {
default "";
### MAPPING FOLLOWS HERE ###
### ~XXX\.XXX\.XXX\.XXX\:XX$ $GROUPNAME; ### MAPPROTO ### This is mappings prototype line, do not remove this!
~XXX\.XXX\.XXX\.XXX\:80$ common; ### MAPPROTO for common ###
}
### DEFAULT UPSTREAM FOLLOWS HERE ###
upstream default_upstream{
### server XXX.XXX.XXX.XXX; ### $GROUPNAME ### DEFUPPROTO ###
server XXX.XXX.XXX.XXX; ### DEFUPPROTO for common ###
sticky path=/; keepalive 100;
}
### UPSTREAMS LIST FOLLOWS HERE ###
#upstream nodes{ server XXX.XXX.XXX.XXX; server 127.0.0.1:8001 backup # UPSTREAMPROTO # This is upstream prototype line, do not remove this! }
upstream common { server XXX.XXX.XXX.XXX ; sticky path=/; keepalive 100; } ### UPSTREAMPROTO for common ###
#GFADMIN
server {
listen *:80;
listen [::]:80;
server_name _;
#add_header Referrer-Policy "no-referrer"; # by Paolo
access_log /var/log/nginx/localhost.access_log main;
error_log /var/log/nginx/localhost.error_log info;
#ModSecurityEnabled on;
#ModSecurityConfig /etc/nginx/conf.d/modsecurity/modsec_includes.conf;
proxy_temp_path /var/nginx/tmp/;
proxy_connect_timeout 5s;
error_page 500 502 503 504 /50x.html;
proxy_next_upstream error timeout http_500;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Host $http_host;
proxy_set_header X-Forwarded-For $http_x_forwarded_for;
proxy_set_header X-Remote-Port $http_x_remote_port;
proxy_set_header X-URI $uri;
proxy_set_header X-ARGS $args;
proxy_set_header Refer $http_refer;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
if ($http_x_remote_port = '' ) {
set $http_x_remote_port $remote_port;
}
location = /50x.html {
root html;
}
location / {
if ($cookie_SRVGROUP ~ group|common) {
proxy_pass http://$cookie_SRVGROUP;
error_page 500 502 503 504 = @rescue;
}
if ($cookie_SRVGROUP !~ group|common) {
add_header Set-Cookie "SRVGROUP=$group; path=/";
}
proxy_pass http://default_upstream;
add_header Set-Cookie "SRVGROUP=$group; path=/";
}
location @rescue {
proxy_pass http://default_upstream;
add_header Set-Cookie "SRVGROUP=$group; path=/";
}
#USERLOCATIONS
}
# server {
# listen *:8001;
# server_name backup.local;
#
# location / {
# proxy_pass http://default_upstream;
# add_header Set-Cookie "SRVGROUP=$group; path=/";
# proxy_http_version 1.1;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Host $http_host;
# proxy_set_header X-Forwarded-For $http_x_forwarded_for;
# proxy_set_header X-URI $uri;
# proxy_set_header X-ARGS $args;
# proxy_set_header Refer $http_refer;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
# }
# }
include /etc/nginx/conf.d/*.conf;
}
######## TCP SECTION PROTOTYPE ########
这是conf.d/ssl.conf
的内容
#
# HTTPS server configuration
#
#server {
# listen 443;
# server_name _;
# ssl on;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_timeout 5m;
# ssl_protocols SSLv2 SSLv3 TLSv1;
# ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
虽然这是conf.d/ssl.conf.disabled
的内容
#
# HTTPS server configuration
#
server {
listen 443 http2;
listen [::]:443 http2;
server_name _;
ssl on;
ssl_certificate /var/lib/jelastic/SSL/jelastic.chain;
ssl_certificate_key /var/lib/jelastic/SSL/jelastic.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers '*****removed by me*****';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
access_log /var/log/nginx/localhost.access_log main;
error_log /var/log/nginx/localhost.error_log info;
proxy_temp_path /var/nginx/tmp/;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
location / {
set $upstream_name common;
include conf.d/ssl.upstreams.inc;
proxy_pass http://$upstream_name;
proxy_next_upstream error;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Host $http_host;
proxy_set_header X-Forwarded-For $http_x_forwarded_for;
proxy_set_header X-URI $uri;
proxy_set_header X-ARGS $args;
proxy_set_header Refer $http_refer;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Ssl-Offloaded "1";
}
}
您应该添加:
add_header 'Referrer-Policy' 'origin';
到/etc/nginx/conf.d/ssl.conf
我有以下架构:
- 在 Google Firebase (HTTPS) 上托管的 Angular 网络应用程序
- 一个充满活力的环境:
- 一个 NGINX 服务器 (HTTPS)
- 一个 Springboot 2 应用服务器 (HTTP)
为了正常工作,Firebase 需要使用 HTTPS API,所以我向 NGINX 服务器添加了一个 SSL 证书和一个 public IP。如果我使用来自邮递员的 HTTP 调用 API,则调用工作正常。但是,如果我从 firebase 中的 Angular 应用程序调用 API HTTPS,它就不起作用,我会收到此错误:"Referrer Policy: no-referrer-when-downgrade" - net::ERR_CONNECTION_REFUSED.
我看到了
这是 nginx 配置文件。我用 XXX.XXX.XXX.XXX
替换了 IP 地址
######## HTTP SECTION PROTOTYPE ########
http {
server_tokens off ;
include /etc/nginx/mime.types;
default_type application/octet-stream;
set_real_ip_from 192.168.0.0/16;
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.16.0.0/16;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
log_format main '$remote_addr:$http_x_remote_port - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'"$host" sn="$server_name" '
'rt=$request_time '
'ua="$upstream_addr" us="$upstream_status" '
'ut="$upstream_response_time" ul="$upstream_response_length" '
'cs=$upstream_cache_status' ;
client_header_timeout 10m;
client_body_timeout 10m;
send_timeout 10m;
client_max_body_size 100m;
connection_pool_size 256;
client_header_buffer_size 1k;
large_client_header_buffers 4 2k;
request_pool_size 4k;
# gzip on;
gzip_min_length 1100;
gzip_buffers 4 8k;
gzip_types text/plain;
output_buffers 1 32k;
postpone_output 1460;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 75 20;
ignore_invalid_headers on;
map $upstream_addr $group {
default "";
### MAPPING FOLLOWS HERE ###
### ~XXX\.XXX\.XXX\.XXX\:XX$ $GROUPNAME; ### MAPPROTO ### This is mappings prototype line, do not remove this!
~XXX\.XXX\.XXX\.XXX\:80$ common; ### MAPPROTO for common ###
}
### DEFAULT UPSTREAM FOLLOWS HERE ###
upstream default_upstream{
### server XXX.XXX.XXX.XXX; ### $GROUPNAME ### DEFUPPROTO ###
server XXX.XXX.XXX.XXX; ### DEFUPPROTO for common ###
sticky path=/; keepalive 100;
}
### UPSTREAMS LIST FOLLOWS HERE ###
#upstream nodes{ server XXX.XXX.XXX.XXX; server 127.0.0.1:8001 backup # UPSTREAMPROTO # This is upstream prototype line, do not remove this! }
upstream common { server XXX.XXX.XXX.XXX ; sticky path=/; keepalive 100; } ### UPSTREAMPROTO for common ###
#GFADMIN
server {
listen *:80;
listen [::]:80;
server_name _;
#add_header Referrer-Policy "no-referrer"; # by Paolo
access_log /var/log/nginx/localhost.access_log main;
error_log /var/log/nginx/localhost.error_log info;
#ModSecurityEnabled on;
#ModSecurityConfig /etc/nginx/conf.d/modsecurity/modsec_includes.conf;
proxy_temp_path /var/nginx/tmp/;
proxy_connect_timeout 5s;
error_page 500 502 503 504 /50x.html;
proxy_next_upstream error timeout http_500;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Host $http_host;
proxy_set_header X-Forwarded-For $http_x_forwarded_for;
proxy_set_header X-Remote-Port $http_x_remote_port;
proxy_set_header X-URI $uri;
proxy_set_header X-ARGS $args;
proxy_set_header Refer $http_refer;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
if ($http_x_remote_port = '' ) {
set $http_x_remote_port $remote_port;
}
location = /50x.html {
root html;
}
location / {
if ($cookie_SRVGROUP ~ group|common) {
proxy_pass http://$cookie_SRVGROUP;
error_page 500 502 503 504 = @rescue;
}
if ($cookie_SRVGROUP !~ group|common) {
add_header Set-Cookie "SRVGROUP=$group; path=/";
}
proxy_pass http://default_upstream;
add_header Set-Cookie "SRVGROUP=$group; path=/";
}
location @rescue {
proxy_pass http://default_upstream;
add_header Set-Cookie "SRVGROUP=$group; path=/";
}
#USERLOCATIONS
}
# server {
# listen *:8001;
# server_name backup.local;
#
# location / {
# proxy_pass http://default_upstream;
# add_header Set-Cookie "SRVGROUP=$group; path=/";
# proxy_http_version 1.1;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Host $http_host;
# proxy_set_header X-Forwarded-For $http_x_forwarded_for;
# proxy_set_header X-URI $uri;
# proxy_set_header X-ARGS $args;
# proxy_set_header Refer $http_refer;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
# }
# }
include /etc/nginx/conf.d/*.conf;
}
######## TCP SECTION PROTOTYPE ########
这是conf.d/ssl.conf
的内容#
# HTTPS server configuration
#
#server {
# listen 443;
# server_name _;
# ssl on;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_timeout 5m;
# ssl_protocols SSLv2 SSLv3 TLSv1;
# ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
虽然这是conf.d/ssl.conf.disabled
的内容#
# HTTPS server configuration
#
server {
listen 443 http2;
listen [::]:443 http2;
server_name _;
ssl on;
ssl_certificate /var/lib/jelastic/SSL/jelastic.chain;
ssl_certificate_key /var/lib/jelastic/SSL/jelastic.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers '*****removed by me*****';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
access_log /var/log/nginx/localhost.access_log main;
error_log /var/log/nginx/localhost.error_log info;
proxy_temp_path /var/nginx/tmp/;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
location / {
set $upstream_name common;
include conf.d/ssl.upstreams.inc;
proxy_pass http://$upstream_name;
proxy_next_upstream error;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Host $http_host;
proxy_set_header X-Forwarded-For $http_x_forwarded_for;
proxy_set_header X-URI $uri;
proxy_set_header X-ARGS $args;
proxy_set_header Refer $http_refer;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Ssl-Offloaded "1";
}
}
您应该添加:
add_header 'Referrer-Policy' 'origin';
到/etc/nginx/conf.d/ssl.conf