avatar

sunday

Sunday's Blog

  • 首页
Home 浏览器出现的一些跨域的问题,如何正确设置cors
文章

浏览器出现的一些跨域的问题,如何正确设置cors

Posted 2024-01-21 Updated 2024-01- 21
By sunday
10~13 min read

浏览器出现的一些跨域的问题

1.预检请求问题,就是会以options的方法发送请求

比如你有如下nginx配置

location / {  
    add_header Access-Control-Allow-Origin *;
    add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
    add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';

    if ($request_method = 'OPTIONS') {
        return 204;
    }
}

浏览器会报如下错误:

Access to fetch at 'https://example.com/api/send' from origin 'https://example2.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

这时候变更nginx的配置如下就好了:

location / {  
    add_header Access-Control-Allow-Origin *;
    add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
    add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
   # 去掉以下配置就可以了 
   # if ($request_method = 'OPTIONS') {
   #     return 204;
   # }
}

2.返回了多个Access-Control-Allow-Origin响应头问题

比如你有如下nginx配置

location / {  
    add_header Access-Control-Allow-Origin *;
    add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
    add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
}

浏览器会报如下错误:

Access to fetch at 'https://example.com/api/send' from origin 'https://example2.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed. Have the server send the header with a valid value, or, if an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

这时候变更nginx的配置如下就好了,就去掉允许所有源,因为服务器可能已经设置过了,nginx不用再设置了

location / {  
  # 去掉以下这行就可以了
  # add_header Access-Control-Allow-Origin *;
    add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
    add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
}

nginx, 疑难杂症
nginx 疑难杂症
License:  CC BY 4.0
Share

Further Reading

Oct 30, 2024

nginx设置多个允许跨域的请求源

# 定义允许的源列表 map $http_origin $cors_origin { "https://youdomian.com" "https://youdomian.com"; "http://localhost:3010" "http://localhost:3010"; }
Apr 2, 2024

已安装的nginx,动态模块开启google brotli 压缩,并在vite项目中启用

1.下载ngx_brotli 到github https://github.com/google/ngx_brotli 然后git clone cd /usr/local/ git clone https://github.com/google/ngx_brotli.git cd /usr/loca
Apr 1, 2024

nginx1.25.0以上快速开启http3

nginx 快速开启http3 参考以下配置: server { listen 443 ssl; listen 443 quic reuseport; #开启http3特性 注意 reuseport 只能填写一次,比如你在另外个域名也是这样填写,会报duplicate的信息,ngin
OLDER

next.js中使用zustand引入第三方库报错self is not defined

 NEWER

Window11上用vscode一键打包上传部署react/vue项目,一键脚本

Recently Updated

  • nextjs使用three.js写一个3D模型的查看器Viewer
  • nextjs15使用better-sqlite3的连接报错问题
  • nextjs + clerk + supabase + realtime 实时监听数据库更改
  • 解决nextjs15使用useLocalStorage报错的问题
  • mac上使用nodejs appium控制chrome浏览器

Trending Tags

nginx acme 强制跳转HTTPS nodejs 代理 mac 神器 vue3 工具 docker

Contents

©2025 sunday. Some rights reserved.

Using the Halo theme Chirpy