配置调整后记得清理浏览器缓存,配置调整后记得清理浏览器缓存,配置调整后记得清理浏览器缓存
cors
有时候,当在一个页面经过XHR方式访问另外一个域名的资源时,浏览器会报CORS跨域错误。(经过新的浏览器tab页打开其它域名的资源,不会有问题),错误如:nginx
Access to XMLHttpRequest at 'http://{ip}:{port}/xxx.png' from origin 'http://59.55.125.161:8992' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.要解决该问题,在须要跨域访问的服务器上配置:web
server {
listen 8819;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
# 解决跨域问题 start
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
add_header Access-Control-Expose-Headers 'Content-Disposition';
if ($request_method = 'OPTIONS') {
return 204;
}
# 解决跨域问题 end
...
}问题
Refused to get unsafe header "Content-Disposition"
nginx配置加上add_header Access-Control-Expose-Headers 'Content-Disposition';跨域
Refused to display 'http://{otherDomainSiteUrl}:{... in a frame because it set 'X-Frame-Options' to 'sameorigin'.
A服务器访问其它域名B的资源时,若是报这个错误。则B服务器nginx上作以下配置:浏览器
add_header X-Frame-Options 'ALLOW-FROM http://{ip}:{port}';这里的{ip}:{port}为A服务器的IP和端口。服务器
add_header X-Frame-Options 能够设置的值有:ALLOWALL/SAMEORIGIN/DENYapp
设置完以后,若是报:cors
Refused to display 'http://10.180.221.159:7078/' in a frame because it set multiple 'X-Frame-Options' headers with conflicting values ('SAMEORIGIN, ALLOWALL'). Falling back to 'deny'.这个表示设置的X-Frame-Options冲突了。好比B项目采用spring框架,spring security自己设置了X-Frame-Options为SAMEORIGIN。
能够经过以下方式解决,在B服务器的nginx上设置:框架
proxy_hide_header X-Frame-Options;
add_header X-Frame-Options ALLOWALL;以下错误同理:
has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values 'http://localhost:8080, *', but only one is allowed.原文链接:
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
