学习
实践
活动
工具
TVP
写文章

小心 Nginx 的 add_header 指令

主站点在nginx.conf中配置了HSTS等header: add_header Strict-Transport-Security "max-age=63072000; preload"; add_header X-Frame-Options SAMEORIGIN; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection " 点开官网add_header的文档,有这样的描述(其他信息已省略): There could be several add_header directives. 即:仅当当前层级中没有add_header指令才会继承父级设置。所以我的疑问就清晰了:location中有add_header,nginx.conf中的配置被丢弃了。 例如: location /foo1 { add_header foo1 1; rewrite / /foo2; } location /foo2 { add_header foo2

1.7K20

Nginx 跨域 add_header 403状态下无效

整理代码如下,添加在 location 节点 add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Max-Age ' '1000'; add_header 'Access-Control-Allow-Methods' "POST, GET, OPTIONS, DELETE, PUT"; add_header 'Access-Control-Allow-Headers add_header解释 最终nginx配置成下边的样子,解决问题。 add_header 'Access-Control-Allow-Origin' '*' always; add_header 'Access-Control-Max-Age' '1000' always ; add_header 'Access-Control-Allow-Methods' "POST, GET, OPTIONS, DELETE, PUT" always; add_header 'Access-Control-Allow-Headers

2.4K21
  • 广告
    关闭

    11.11云上盛惠

    万元礼包限时领取,百款云产品特惠助力上云,云服务器2核2G低至4.2元/月

  • 您找到你想要的搜索结果了吗?
    是的
    没有找到

    nginx add_header 仅部分或一次生效的原因与解决办法

    header字段,判断是否真的去请求了,而不是随意给我返回个200(恩,是有这种坑货代理的) location /proxyTest { default_type text/plain; add_header = ""){ add_header 'anonymous' 'no'; } return 200 '$remote_addr - $remote_user [$time_local 其实就是 add_header仅生效在最近的一个{}当中。 所以。。 简单的办法就是if里面再写一遍add_header 'Mutex' 'ProxyTest_Xuing'; 嘛,一般人应该不会有这个问题。

    49220

    http跨域问题

    (eot|ttf|otf|woff)$ { add_header Access-Control-Allow-Origin *; root 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Methods' 'GET, ,Cache-Control,Content-Type,Range'; add_header 'Access-Control-Expose-Headers' 'Content-Length ' '*'; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; add_header 'Access-Control-Allow-Headers

    68520

    vue+axios跨域post请求json格式问题

    的配置如下: 说明,下面的Access-Control-Allow-Origin的值改成你自己发起的Origin if ($request_method = 'OPTIONS') { add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Allow-Origin' 'http:// localhost:8084'; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; add_header add_header 'Content-Length' 0; return 204; } if ($request_method = 'POST') { add_header localhost:8084'; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; add_header

    2.2K20

    014.Nginx跨域配置

    = "OPTIONS") { 6 add_header 'Access-Control-Max-Age' 86400; 7 add_header 注意:如上的 add_header 最后都可以加上了 always,它表示不管返回状态码是多少都会使 add_header 生效,有些时候服务端可能会返回 4XX 的状态码,这时候如果少了 always 会导致 add_header 失效,从而导致浏览器报跨域错误。 add_header 'Access-Control-Allow-Credentials' 'true'; 23 add_header 'Access-Control-Allow-Headers ' 86400; 18 add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS'; 19 add_header

    2.6K40

    nginx解决no-referrer-when-downgrade,设置了‘Access-Control-Allow-Origin‘ ‘*‘依旧跨域

    location /api { add_header 'Access-Control-Allow-Origin' '*' always; add_header 'Access-Control-Allow_Credentials ,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range' always; add_header 'Access-Control-Max-Age' 1728000; add_header 'Content-Type' 'text/plain charset=UTF- 8'; add_header 'Content-Length' 0; add_header 'Access-Control-Allow-Origin add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,

    2.7K20

    Nginx 设置cors跨域

    location / { if ($request_method = 'OPTIONS') { add_header 'Access-Control-Allow-Origin' add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Methods' 'GET, ' '*'; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; add_header 'Access-Control-Allow-Headers "; add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS'; add_headeradd_header 'Content-Type' 'text/html charset=UTF-8'; add_header 'Content-Length' 0

    85140

    SpringBoot 与 Nginx跨域配置

    'Access-Control-Allow-Origin' '*';         add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS ' 1728000;         add_header 'Content-Type' 'text/plain; charset=utf-8';         add_header 'Content-Length ' '*';         add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';         add_header 'Access-Control-Allow-Headers add_header 'Content-Length' 0;         return 204;     }     if ($request_method = 'POST') {         add_header 'Access-Control-Allow-Origin' '*';         add_header 'Access-Control-Allow-Methods' 'GET,

    22920

    wokerman 外网ip端口访问,Nginx跨域配置,htpps,ssl,wss

    'Access-Control-Allow-Origin' $http_origin; add_header 'Access-Control-Allow-Credentials' 'true'; 4.2 允许这些请求 add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH , OPTIONS'; 4.3 设置header add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive 'Access-Control-Allow-Origin' $http_origin; add_header 'Access-Control-Allow-Credentials 'Access-Control-Allow-Origin' $http_origin; add_header 'Access-Control-Allow-Credentials

    62831

    使用nginx代理跨域,使用nginx代理bing的每日一图

    'Access-Control-Allow-Origin' 'http://localhost:8088'; add_header 'Cache-Control' 'public, max-age =604800'; add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Allow-Methods 'Access-Control-Allow-Origin' "$http_origin"; add_header 'Access-Control-Allow-Credentials , accept, content-type'; add_header 'Access-Control-Max-Age' 2592000; add_header 'Content-Length' 0; add_header 'Content-Type' 'text/plain, charset=utf-8';

    1.4K80

    nginx配置跨域访问,无法生效_页面跨域访问

    'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Credentials' 'true'; add_header Cache-Control private; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; add_header 'Access-Control-Allow-Headers 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Credentials' 'true'; add_header Cache-Control private; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Methods GET,POST,PUT,DELETE,PATCH,

    7320

    Nginx 配置相关--Gzip压缩、CORS

    --IP-->)) { set $cors "true"; } if ($cors = "true") { add_header 'Access-Control-Allow-Origin ' "http://xxxxxx.xxx"; #add_header 'Access-Control-Allow-Credentials' "true"; add_header 'Access-Control-Max-Age' 86400; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS , DELETE'; add_header 'Access-Control-Allow-Headers' 'reqid, nid, host, x-real-ip, x-forwarded-ip , event-type, event-id, accept, content-type'; add_header 'Content-Length' 0; add_header

    18520

    nginx https 开发 DATUAT环境配置

    Content-Security-Policy upgrade-insecure-requests; add_header X-Frame-Options SAMEORIGIN; proxy_pass Content-Security-Policy upgrade-insecure-requests; add_header X-Frame-Options SAMEORIGIN; proxy_pass Content-Security-Policy upgrade-insecure-requests; add_header X-Frame-Options SAMEORIGIN; proxy_pass Content-Security-Policy upgrade-insecure-requests; add_header X-Frame-Options SAMEORIGIN; proxy_pass Access-Control-Allow-Origin *; add_header Access-Control-Allow-Methods 'GET,POST'; add_header Access-Control-Allow-Headers

    7020

    nginx中alias

    'Access-Control-Max-Age' 1728000; add_header 'Content-Type' 'text/plain; charset =utf-8'; add_header 'Content-Length' 0; add_header 'Access-Control-Allow-Credentials ; add_header Access-Control-Allow-Origin $http_origin; add_header Access-Control-Allow-Methods 'GET, OPTIONS'; add_header Access-Control-Allow-Credentials "true"; add_header Access-Control-Allow-Headers $http_access_control_request_headers; alias

    11310

    使用Nginx来解决跨域的问题

    然后后端接口没有设置跨域相关的响应设置头,因此就接口和我们 域名就会存在跨域的情况,因此我们可以使用 nginx服务器来配置一下; 网上很多资料将 在nginx配置下 加如下代码就可以解决跨域的问题; add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Credentials true; add_header Access-Control-Allow-Methods Access-Control-Allow-Origin *; add_header Access-Control-Allow-Credentials true; add_header add_header Access-Control-Allow-Origin http://a.xxx.com; 如上配置就可以使用nginx解决跨域的问题了; 因此代码变为如下: server { Access-Control-Allow-Origin http://a.xxx.com; add_header Access-Control-Allow-Credentials true;

    4.2K30

    利用NextCloud配置私有云

    Content - Type - Options nosniff; add_header X - Frame - Options "SAMEORIGIN"; add_header X - XSS - Protection "1; mode=block"; add_header X - Robots - Tag none; add_header X - Download "public, max-age=7200"; add_header X - Content - Type - Options nosniff; add_header X - Frame - Options "SAMEORIGIN"; add_header X - XSS - Protection "1; mode=block"; add_header X - Robots - Tag none; add_header X - Download - Options noopen; add_header X - Permitted

    2.7K61

    系统服务化构建-跨域CROS

    (eot|ttf|woff|woff2|svg)$ { add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Headers add_header 'Content-Length' 0; return 204; } if ($request_method = 'POST') { add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Methods' 'GET, ,Cache-Control,Content-Type,Range'; add_header 'Access-Control-Expose-Headers' 'Content-Length ' '*'; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; add_header 'Access-Control-Allow-Headers

    40220

    Nginx 轻松搞定跨域问题!

    官方文档是这样说的: There could be several add_header directives. 意思就是当前层级无 add_header 指令时,则继承上一层级的add_header。相反的若当前层级有了add_header,就应该无法继承上一层的add_header。  'content-type,authorization';             add_header Access-Control-Allow-Methods 'PUT';#为这么只加在这个if中  '*';             add_header Access-Control-Allow-Methods '*';             add_header Access-Control-Allow-Credentials  '*';         add_header Access-Control-Allow-Methods '*';         add_header Access-Control-Allow-Credentials

    20830

    扫码关注腾讯云开发者

    领取腾讯云代金券