add_header 'Access-Control-Allow-Origin' $http_Origin always;
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'OPTION, POST, GET';
add_header 'Access-Control-Allow-Headers' 'Access-Control-Allow-Headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,AJAX,HTTP_AJAX,withCredentials';
其中 AJAX,HTTP_AJAX 为自定义请求头
当 add_header 'Access-Control-Allow-Credentials' 'true'; 时,add_header 'Access-Control-Allow-Origin' $http_Origin always;
当 add_header 'Access-Control-Allow-Origin' *;需要去掉 add_header 'Access-Control-Allow-Credentials' 'true';