NGINX - 即使设置了 Access-Control-Allow-Origin 也不存在

Posted 2023-03-04

【中文标题】NGINX - 即使设置了 Access-Control-Allow-Origin 也不存在

【英文标题】：NGINX - Access-Control-Allow-Origin not present even though it is set

【发布时间】：2018-04-19 22:33:35

【问题描述】：

每次我尝试设置 Access Control Allow Origin 方法时它总是返回；

No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://example.com' is therefore not allowed access. The response had HTTP status code 405.

当我一一删除它们以检查这一点时，它会读取所有其他标题集，并且在我这样做时会发生相关错误。唯一没有被阅读的是有问题的。

这是我的配置；

location / 
   add_header 'Access-Control-Allow-Credentials', 'true';
   add_header 'Access-Control-Allow-Origin' 'http://example.com';
   add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
   add_header 'Access-Control-Expose-Headers' 'Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With, X-CSRF-TOKEN, X-MODE';
   add_header 'Access-Control-Allow-Headers' 'X-CSRF-TOKEN';

   try_files $uri $uri/ /index.php?$query_string;

规格：Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-98-generic x86_64)

如果有人能看出我做错了什么，请分享！

问候

【问题讨论】：

尝试添加always 广告。 add_header 'Access-Control-Allow-Origin' 'http://example.com' always;。我认为问题可能是当您对 FPM 执行 proxy_pass 时，响应不会包含这些标头。也将这些移出location /，直接将它们放在服务器块中。看看有没有帮助

两种想法都试过了，还是一无所获

现在尝试将这些添加到您的 php 块中吗？

我让它们在两个位置块中都相同，以确保:-(

看看这是否有帮助***.com/questions/45986631/…

【参考方案1】：

这是我让它工作的唯一方法；

Laravel 的config/app.php

返回 [

/*
 |--------------------------------------------------------------------------
 | CORS
 |--------------------------------------------------------------------------
 |
 */
'allow_credentials'      => env( 'CORS_ALLOWE_CREDENTIALS', 'true' ),
'allowed_origins'        => env( 'CORS_ALLOWED_ORIGINS', '*' ),
'allowed_headers'        => env( 'CORS_ALLOWED_HEADERS', '*' ),
'allowed_methods'        => env( 'CORS_ALLOWED_METHODS', 'GET, POST, OPTIONS' ),
'exposed_headers'        => env( 'CORS_EXPOSED_METHODS', '' ),
'max_age'                => env( 'CORS_MAX_AGE', 0 )

];

Laravel 的public/index.php

/*
|--------------------------------------------------------------------------
| Run The Application
|--------------------------------------------------------------------------
|
| Once we have the application, we can handle the incoming request
| through the kernel, and send the associated response back to
| the client's browser allowing them to enjoy the creative
| and wonderful application we have prepared for them.
|
*/

$kernel = $app->make('Illuminate\Contracts\Http\Kernel');

$response = $kernel->handle(
    $request = Illuminate\Http\Request::capture()
);

header("Access-Control-Allow-Origin: " . config( 'cors.allowed_origins' ) );
header("Access-Control-Allow-Headers: " . config( 'cors.allowed_headers' ) );
header("Access-Control-Allow-Methods: " . config( 'cors.allowed_methods' ) );
header("Access-Control-Max-Age: " . config( 'cors.max_age' ) );
header("Access-Control-Allow-Credentials: " . config( 'cors.allow_credentials' ) );

$response->send();

$kernel->terminate($request, $response);