我的问题与此处所述的完全相同: 禁用HTTP OPTIONS方法的authentication(预检请求) 。 我正在尝试同时使用CORS和HTTP密码。 当浏览器看到退回的OPTIONS(状态码401)时,由于某种原因,它会立即检查CORS头(将不存在)并拒绝请求。
这是我的configuration:
location /api/ { proxy_pass http://127.0.0.1:14000; proxy_set_header Host $host; add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"; add_header Access-Control-Allow-Origin $http_origin; add_header Access-Control-Allow-Headers "Authorization, Content-Type"; add_header Access-Control-Allow-Credentials true; auth_basic "Restricted Area"; auth_basic_user_file /var/www/admin.htpasswd; } 这是我提出的解决scheme。 它破坏了所有的CORS add_header指令。
location /api/ { proxy_pass http://127.0.0.1:14000; proxy_set_header Host $host; add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"; add_header Access-Control-Allow-Origin $http_origin; add_header Access-Control-Allow-Headers "Authorization, Content-Type"; add_header Access-Control-Allow-Credentials true; if ($request_method = OPTIONS) { add_header Content-Length 0; add_header Content-Type text/plain; add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"; add_header Access-Control-Allow-Origin $http_origin; add_header Access-Control-Allow-Headers "Authorization, Content-Type"; add_header Access-Control-Allow-Credentials true; return 200; } auth_basic "Restricted Area"; auth_basic_user_file /var/www/admin.htpasswd; }