我将我的API从一个子域移动到另一个,而不会影响已经运行的应用程序。 我在nginx上configuration了三个服务器,例如:
原始API服务器:
server { listen 80; server_name example.com; root /var/www/example/; index index.php index.html index.htm; try_files $uri $uri/ /index.php?$args; add_header 'Access-Control-Allow-Origin' '*'; location / { try_files $uri $uri/ /index.php?$args; } location ~*/api/([a-zA-Z0-9_]+) { proxy_pass http://127.0.0.1:4343/api/$1; proxy_read_timeout 60s; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header 'Access-Control-Allow-Origin' '*'; proxy_set_header 'Access-Control-Allow-Credentials' true; } ... } 代理服务器通过:
server { listen 4343; server_name _; root /var/www/exampleapi/; index index.php index.html index.htm; try_files $uri $uri/ /index.php?$args; add_header 'Access-Control-Allow-Origin' '*'; location / { try_files $uri $uri/ /index.php?$args; } ... }
AJAX调用用于在旧的apis上完美工作,但是对于新的我在FF上收到错误:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://example.com/api/startup. (Reason: CORS header 'Access-Control-Allow-Origin' does not match '*, *').
在Safari上:
XMLHttpRequest cannot load https://example.com/api/startup. Origin https://myclient.com is not allowed by Access-Control-Allow-Origin.
冰壶在新的和老apis展示:
HTTP/1.1 200 OK Access-Control-Allow-Origin: *
我该如何解决这个问题?
解决这个问题的办法是不要为Proxy Passed服务器的CORS添加add_header,因为这会复制头文件或使用set_header
代理服务器通过:
server { listen 4343; server_name _; root /var/www/exampleapi/; index index.php index.html index.htm; try_files $uri $uri/ /index.php?$args; location / { try_files $uri $uri/ /index.php?$args; } ... }