nginx Access-Control-Allow-Origin header is configured but not working

I am getting a

    XMLHttpRequest cannot load http://website2.com/ads/dev_642e92efb79421734881b53e1e1b18b6/5534f8e14d514_1.html. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://website1.com' is therefore not allowed access.

Website2 is configured with nginx:

    server {
        listen 80;
        server_name website2.com;
        root /var/www/website2;
        index index.php index.html index.htm;
        #try_files $uri $uri/ /index.php?$args;
        client_max_body_size 20M;

        location /ads {
            add_header 'Access-Control-Max-Age' 1728000;
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
            try_files $uri $uri/ /index.php?$args;
        }

        location / {
            try_files $uri $uri/ /index.php?$args;
            # proxy_pass http://127.0.0.1:2368/;
            # proxy_set_header Host $host;
            # proxy_buffering off;
        }

        gzip on;
        gzip_vary on;
        gzip_types text/javascript text/css text/xml application/xml application/xml+rss;
        gzip_comp_level 9;
        gzip_min_length 100;
        gzip_buffers 16 8k;
        gzip_proxied expired no-cache no-store private auth;
        gzip_http_version 1.0;
        gzip_disable "MSIE [1-6]\.";

        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
            expires 24h;
            log_not_found off;
        }

        location ~ \.php$ {
            try_files $uri =404;
            # Fix for server variables that behave differently under nginx/php-fpm than typically expected
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            # Include the standard fastcgi_params file included with nginx
            include fastcgi_params;
            fastcgi_param HTTPS $https;
            fastcgi_pass_header X_SECURECONNECTION;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_index index.php;
            # Override the SCRIPT_FILENAME variable set by fastcgi_params
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            # Pass to upstream PHP-FPM; This must match whatever you name your upstream connection
            fastcgi_pass 127.0.0.1:9000;
        }

        #preventing access to git
        location ~ /\.(?:git).* {
            deny all;
            access_log off;
            log_not_found off;
        }

        #preventing access to .htaccess or htpasswd
        location ~ /\.ht.* {
            deny all;
            access_log off;
            log_not_found off;
        }

        server_tokens off;

        if ($request_method !~ ^(GET|HEAD|POST)$ ) {
            return 444;
        }

        location /images/ {
            valid_referers none blocked example.com *.example.com;
            if ($invalid_referer) {
                return 403;
            }
        }
    }

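How the request for this page comes about:

1) A PHP file on website1 is accessed.
2) The PHP file die()s an HTML page that includes a JavaScript file.
3) The JavaScript uses AJAX to fetch the HTML from website2 that is not allowed access; it uses the GET method.

When the process ends, the server address is still website1.

I also tried adding it to "location /".

Any ideas?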

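Update:

Following the steps at: http://www.html5rocks.com/en/tutorials/cors/

Since add_header 'Access-Control-Allow-Origin' was added to the server context instead of the location context, the error is not shown.

However, it often does not work. A third or fewer of the requests still return the same error: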

    XMLHttpRequest cannot load http://website2.com/ads/dev_642e92efb79421734881b53e1e1b18b6/5534f8e14d514_1.html. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://website1.com' is therefore not allowed access.

curl -I shows:

    HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 22 Apr 2015 10:30:55 GMT
    Content-Type: text/html
    Content-Length: 402
    Last-Modified: Tue, 21 Apr 2015 09:13:44 GMT
    Connection: keep-alive
    Vary: Accept-Encoding
    ETag: "553614c8-192"
    Access-Control-Allow-Origin: *
    Accept-Ranges: bytes

There is no proxy request

This block:

    location /ads {
        proxy_set_header 'Access-Control-Max-Age' 1728000;
        proxy_set_header 'Access-Control-Allow-Origin' '*';
        proxy_set_header 'Access-Control-Allow-Credentials' 'true';
        proxy_set_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        proxy_set_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
        try_files $uri $uri/ /index.php?$args;
    }

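The only directive doing anything is try_files, because no proxy request is being made. proxy_pass_header would only make sense if proxy_pass were also in use; but it would send the headers to the proxied server, not the client, and so has nothing to do with CORS.

Use add_header

The directive you are looking for is add_header; a working example is: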

    location /ads {
        add_header "Access-Control-Allow-Origin" "*";
        ...
        try_files $uri $uri/ /index.php?$args;
    }

This adds the header to the response sent back to the client (browser).
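A check on the headers the client actually receives, as an added example that is not part of the original answer: it parses a header block like the `curl -I` output in the question and applies the browser's origin test, including the case where `Access-Control-Allow-Origin: *` is combined with `Access-Control-Allow-Credentials: true`, which browsers reject for credentialed requests. The sample header blocks are constructed and the function names are illustrative.

```python
# Added example; the header blocks below are constructed samples.
WITH_HEADER = """HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html
Access-Control-Allow-Origin: *
"""
WITHOUT_HEADER = """HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html
"""
# The two values the question's /ads block configures together.
WILDCARD_CREDS = WITH_HEADER + "Access-Control-Allow-Credentials: true\n"


def parse_headers(raw):
    """Parse a `curl -I` style block into (status, {lowercased name: [values]})."""
    lines = [ln.strip() for ln in raw.strip().splitlines() if ln.strip()]
    status = int(lines[0].split()[1])  # "HTTP/1.1 200 OK" -> 200
    headers = {}
    for ln in lines[1:]:
        name, _, value = ln.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers


def cors_check(raw, origin, with_credentials=False):
    """Return (allowed, reason) for a simple cross-origin GET from `origin`."""
    _, headers = parse_headers(raw)
    acao = headers.get("access-control-allow-origin", [])
    if not acao:
        return False, "no Access-Control-Allow-Origin header in the response"
    if len(acao) > 1:
        return False, "multiple Access-Control-Allow-Origin headers"
    if acao[0] == "*":
        if with_credentials:  # browsers refuse the wildcard for credentialed requests
            return False, "wildcard origin is not accepted with credentials"
    elif acao[0] != origin:
        return False, f"allowed origin {acao[0]!r} does not match {origin!r}"
    if with_credentials and headers.get("access-control-allow-credentials") != ["true"]:
        return False, "Access-Control-Allow-Credentials is not 'true'"
    return True, "ok"


if __name__ == "__main__":
    for label, raw in [("with", WITH_HEADER), ("without", WITHOUT_HEADER)]:
        print(label, cors_check(raw, "http://website1.com"))
    print("creds", cors_check(WILDCARD_CREDS, "http://website1.com", True))
```

Feeding it the header block from each of several repeated requests shows which responses arrive without the header.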