nginx跨域配置失效
- 如果需要跨域请求发送cookie,需要xhr.withCredentials = true;
并且如要设置Access-Control-Allow-Credentials: true
如果设置了Access-Control-Allow-Credentials: true,
那么:Access-Control-Allow-Origin要为当前的请求域名,
Access-Control-Allow-Headers 不能为通配符*
下面为nginx配置demo
server{
listen 443;
listen 80;
server_name xxx;
ssl on;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_certificate /data/nginx/keys/xxx;
ssl_certificate_key /data/nginx/keys/xxx;
access_log logs/xxx main;
location / {
set $cors_origin "";
if ($http_origin ~* "^https?:\/\/([^.]+\.)+baidu\.com") {
set $cors_origin $http_origin;
}
add_header Access-Control-Allow-Origin $cors_origin;
add_header Access-Control-Allow-Headers $http_access_control_request_headers;
add_header Access-Control-Allow-Credentials true;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
if ($request_method = 'OPTIONS') {
return 204;
}
}
}