展开

关键词

小心 Nginx 的 add_header 指令

X-Frame-Options SAMEORIGIN;add_header X-Content-Type-Options nosniff;add_header X-XSS-Protection 1; 点开官网add_header的文档,有这样的描述(其他信息已省略):There could be several add_header directives. 即:仅当当前层级中没有add_header指令才会继承父级设置。所以我的疑问就清晰了:location中有add_header,nginx.conf中的配置被丢弃了。 但深入体会这句话,会发现更有意思的现象:仅最近一处的add_header起作用。http、server和location三处均可配置add_header,但起作用的是最接近的配置,往上的配置都会失效。 例如:location foo1 { add_header foo1 1; rewrite foo2;} location foo2 { add_header foo2 1; return 200 OK

1.1K20

Nginx 跨域 add_header 403状态下无效

当然,一开始直接上,js报报一堆 No Access-Control-Allow-Origin header 的错误,那很明显了,nginx允许跨域的关键, 使用add_header函数添加头即可。 整理代码如下,添加在 location 节点add_header Access-Control-Allow-Origin *;add_header Access-Control-Max-Age 1000 ;add_header Access-Control-Allow-Methods POST, GET, OPTIONS, DELETE, PUT;add_header Access-Control-Allow-Headers add_header解释 最终nginx配置成下边的样子,解决问题。 add_header Access-Control-Allow-Origin * always;add_header Access-Control-Max-Age 1000 always;add_header

1.3K10
  • 广告
    关闭

    云加社区有奖调研

    参与社区用户调研,赢腾讯定制礼

  • 您找到你想要的搜索结果了吗?
    是的
    没有找到

    nginx add_header 仅部分或一次生效的原因与解决办法

    head请求,通过header字段,判断是否真的去请求了,而不是随意给我返回个200(恩,是有这种坑货代理的)location proxyTest { default_type textplain; add_header = ){ add_header anonymous no; } return 200 $remote_addr - $remote_user $request $status $body_bytes_sent 其实就是 add_header仅生效在最近的一个{}当中。 所以。。简单的办法就是if里面再写一遍add_header Mutex ProxyTest_Xuing;嘛,一般人应该不会有这个问题。 就写到这里了 hhhh参考链接: https:www.peterbe.complogbe-very-careful-with-your-add_header-in-nginx

    20820

    Nginx 设置cors跨域

    location { if ($request_method = OPTIONS) { add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Methods Access-Control-Max-Age 1728000; add_header Content-Type textplain; charset=utf-8; add_header Content-Length 0; return 204; } if ($request_method = POST) { add_header Access-Control-Allow-Origin *; add_header *; add_header Access-Control-Allow-Methods GET, POST, OPTIONS; add_header Access-Control-Allow-Headers Access-Control-Allow-Credentials true; add_header Access-Control-Max-Age 1728000; # 20 天 add_header

    58740

    http跨域问题

    (eot|ttf|otf|woff)$ { add_header Access-Control-Allow-Origin *; root htmlwwwweibo; #解决图片跨域问题 } location Access-Control-Allow-Origin *; add_header Access-Control-Allow-Methods GET, POST, OPTIONS; # # Custom Access-Control-Max-Age 1728000; add_header Content-Type textplain; charset=utf-8; add_header Content-Length 0; return 204; } if ($request_method = POST) { add_header Access-Control-Allow-Origin *; add_header *; add_header Access-Control-Allow-Methods GET, POST, OPTIONS; add_header Access-Control-Allow-Headers

    55920

    vue+axios跨域post请求json格式问题

    nginx的配置如下:说明,下面的Access-Control-Allow-Origin的值改成你自己发起的Originif ($request_method = OPTIONS) { add_header Access-Control-Allow-Credentials true; add_header Access-Control-Allow-Origin http:localhost:8084; add_header 1728000; add_header Content-Type textplain charset=UTF-8; add_header Content-Length 0; return 204; } if ($request_method = POST) { add_header Access-Control-Allow-Credentials true; add_header Access-Control-Allow-Origin http:localhost:8084; add_header Access-Control-Allow-Methods GET, POST, OPTIONS; add_header Access-Control-Allow-Headers

    1.8K20

    nginx解决no-referrer-when-downgrade,设置了‘Access-Control-Allow-Origin‘ ‘*‘依旧跨域

    location api { add_header Access-Control-Allow-Origin * always; add_header Access-Control-Allow_Credentials true always; add_header Access-Control-Allow-Headers Authorization,Accept,Origin,DNT,X-CustomHeader, Access-Control-Max-Age 1728000; add_header Content-Type textplain charset=UTF-8; add_header Content-Length 0; add_header Access-Control-Allow-Origin * always; add_header Access-Control-Allow_Credentials true always; add_header Access-Control-Allow-Headers Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive

    40420

    014.Nginx跨域配置

    , event-type, event-id, accept, content-type; 9 add_header Content-Length 0; 10 add_header Content-Type 注意:如上的 add_header 最后都可以加上了 always,它表示不管返回状态码是多少都会使 add_header 生效,有些时候服务端可能会返回 4XX 的状态码,这时候如果少了 always 会导致 add_header 失效,从而导致浏览器报跨域错误。 *; 6 add_header Access-Control-Allow-Headers *; 7 add_header Access-Control-Allow-Methods *; 8 # OPTIONS true; 15 add_header Access-Control-Max-Age 86400; 16 add_header Access-Control-Allow-Headers Authorization

    1.4K40

    SpringBoot解决ajax跨域问题

    *; add_header Access-Control-Allow-Methods GET, POST, OPTIONS; add_header Access-Control-Allow-Headers Access-Control-Max-Age 1728000; add_header Content-Type textplain; charset=utf-8; add_header Content-Length 0; return 204; } if ($request_method = POST) { add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Methods GET, POST, OPTIONS; add_header Access-Control-Allow-Headers DNT,X-CustomHeader Access-Control-Allow-Origin *; add_header Access-Control-Allow-Methods GET, POST, OPTIONS; add_header

    51040

    使用nginx代理跨域,使用nginx代理bing的每日一图

    Access-Control-Allow-Origin http:localhost:8088; add_header Cache-Control public, max-age=604800; add_header Access-Control-Allow-Credentials true; add_header Access-Control-Allow-Methods GET, POST, OPTIONS; rewrite Access-Control-Allow-Origin $http_origin; add_header Access-Control-Allow-Credentials true; add_header 2592000; add_header Content-Length 0; add_header Content-Type textplain, charset=utf-8; # indicate successful , accept, content-type; add_header Access-Control-Max-Age 2592000; add_header Cache-Control public, max-age

    1K80

    免费快捷一键生成SSL证书

    MD5; ssl_prefer_server_ciphers on; location { add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Credentials true; add_header Access-Control-Allow-Headers Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive ,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range; add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Credentials true; add_header Access-Control-Allow-Headers ; add_header Content-Type textplain charset=UTF-8; add_header Content-Length 0; return 204; } proxy_pass

    6210

    跨域访问支持(Spring Boot、Nginx、浏览器)

    *; add_header Access-Control-Allow-Methods GET, POST, OPTIONS; add_header Access-Control-Allow-Headers Access-Control-Max-Age 1728000; add_header Content-Type textplain; charset=utf-8; add_header Content-Length 0; return 204; } if ($request_method = POST) { add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Methods GET, POST, OPTIONS; add_header Access-Control-Allow-Headers DNT,X-CustomHeader Access-Control-Allow-Origin *; add_header Access-Control-Allow-Methods GET, POST, OPTIONS; add_header

    83050

    爬坑 http协议的options请求

    .; add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Credentials true; add_header Access-Control-Expose-Headers Content-Disposition; add_header Access-Control-Max-Age 604800; location { if ($request_method = OPTIONS ) { #add_header Access-Control-Allow-Origin *; #add_header Access-Control-Allow-Credentials true; #add_header Access-Control-Allow-Methods GET, POST, OPTIONS; #add_header Access-Control-Max-Age 1728000; #add_header Content-Length 0; return 204; } proxy_pass http:127.0.0.1:9008; proxy_set_header

    13410

    Nginx+ownCloud+PHP+MySQL搭建私有云

    #add_header Strict-Transport-Security max-age=15552000; includeSubDomains; add_header X-Content-Type-Options nosniff; add_header X-Frame-Options SAMEORIGIN; add_header X-XSS-Protection 1; mode=block; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies nosniff; add_header X-Frame-Options SAMEORIGIN; add_header X-XSS-Protection 1; mode=block; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies

    89520

    Nginx Header,实现对HTTPS请求、响应进行添加、修改、删除等操作

    name value ; Default: — Context: http, server, location, if in location 例如:add_header Content-Type texthtml 例如:fastcgi_hide_header Content-Type;proxy_hide_header Content-Type;add_header Content-Type textcss;添加请求 (css)$ ) { add_header Content-Type textcss;} if ( $request_uri ~ .*. (html|htm|php|php5)$ ) { add_header Content-Type texthtml;charset=utf-8;} if ( $request_uri ~ .*. Access-Control-Allow-Origin *;add_header Access-Control-Allow-Headers X-Requested-With;add_header Access-Control-Allow-Methods

    4.8K30

    利用NextCloud配置私有云

    aNULL; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; add_header X - Content - Type - Options nosniff; add_header X - Frame - Options SAMEORIGIN; add_header X - XSS - Protection 1; mode =block; add_header X - Robots - Tag none; add_header X - Download - Options noopen; add_header X - Permitted =7200; add_header X - Content - Type - Options nosniff; add_header X - Frame - Options SAMEORIGIN; add_header X - XSS - Protection 1; mode=block; add_header X - Robots - Tag none; add_header X - Download - Options

    2.4K61

    Nginx 配置相关--Gzip压缩、CORS

    也可以直接将所有请求都返回 Access-Control-Allow-* , 但是并不推荐if ($http_origin ~* ()) { set $cors true;} if ($cors = true) { add_header Access-Control-Allow-Origin http:xxxxxx.xxx; #add_header Access-Control-Allow-Credentials true; add_header Access-Control-Max-Age 86400; add_header Access-Control-Allow-Methods GET, POST, OPTIONS, DELETE; add_header Access-Control-Allow-Headers reqid, nid, host, x-real-ip, x-forwarded-ip, event-type, event-id, accept, content-type; add_header Content-Length 0; add_header Content-Type textplain, charset=utf-8; return 204;}

    12920

    使用 Nextcloud 3分钟搭建个人网盘

    . # add_header Strict-Transport-Security max-age=15768000; # includeSubDomains; preload;; # # WARNING X-Content-Type-Options nosniff; add_header X-XSS-Protection 1; mode=block; add_header X-Robots-Tag none ; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection 1; mode=block; add_header X-Robots-Tag none ; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; add_header

    46920

    Nginx解决跨域资源问题:No Access-Control-Allow-Origin header is present on the requested resource.

    将下面代码插入到域名所在server配置下location { add_header Access-Control-Allow-Origin $http_origin; add_header Access-Control-Allow-Credentials true; add_header Access-Control-Allow-Methods GET, POST, OPTIONS; add_header Access-Control-Allow-Headers X-Mx-ReqToken,X-Data-Type,X-Auth-Token,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range; add_header Access-Control-Expose-Headers Content-Length,Content-Range; if ($request_method = OPTIONS) { add_header Access-Control-Max-Age 1728000; add_header Content-Type textplain; charset=utf-8; add_header Content-Length

    3.9K10

    Nginx配置跨域响应头解决跨域问题

    Load configuration files for the default server block. include etcnginxdefault.d*.conf; location { add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow_Credentials true; add_header Access-Control-Allow-Headers Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range; add_header Access-Control-Allow-Methods GET,POST,OPTIONS,PUT,DELETE,PATCH; if ($request_method = OPTIONS) { add_header Access-Control-Max-Age 1728000; add_header Content-Type textplain charset=UTF-8; add_header Content-Length

    23930

    扫码关注云+社区

    领取腾讯云代金券