巧用Nginx設定解決跨域問題
2023-04-11 12:01:21
頁面nginx設定
1,前端頁面放在域名根目錄,比如,http://www.xuecheng.com/ ,對應的nginx設定:
#門戶 location / { alias D:/Z_lhy/SpringCloud/xuecheng_online/www/xc-ui-pc-static-portal/; index index.html; }
頁面目錄:
介面nginx設定
2,前端請求介面路徑,在域名後面加一個目錄
url : "http://www.xuecheng.com/api/auth/oauth/token",//傳送請求的地址
function login(){ var uname = $("#username").val(); var pwd = $("#password").val(); $.ajax({ url : "http://www.xuecheng.com/api/auth/oauth/token",//傳送請求的地址 type: "post", dataType: "json", data : "username="+uname+"&password="+pwd+"&grant_type=password", beforeSend:function (request) { // 如果後臺沒有跨域處理,這個自定義 request.setRequestHeader("Authorization","Basic RG9jV2ViQXBwOjEyMzQ1Ng=="); // 禁用按鈕,防止重複提交 $("#submit").attr({ disabled: "disabled" }); }, error : function() { alert("error occured!!!");//請求失敗時彈出的資訊 }, success : function(data) {//返回的資訊展示出來 alert(JSON.stringify(data)) } }); };
nginx 對api介面設定
location /api/ { add_header 'Access-Control-Allow-Origin' $http_origin; add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; add_header 'Access-Control-Allow-Headers' 'DNT,Authorization,Accept,Origin,Keep-Alive,User-Agent,X-Mx-ReqToken,X-Data-Type,X-Auth-Token,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; if ($request_method = 'OPTIONS') { add_header 'Access-Control-Max-Age' 1728000; add_header 'Content-Type' 'text/plain; charset=utf-8'; add_header 'Content-Length' 0; return 204; } proxy_pass http://apiserver/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_connect_timeout 5; }
其中的
$http_origin
$http_origin並不是nginx的內建引數,nginx支援取自定義的引數值,$http_XXX這個格式是nginx取請求中header的XXX的值的。這裡取的是origin,而一般跨域請求都會將請求的來源放在origin中(瀏覽器會往跨域請求的header上面加origin這個header)。
這樣設定的話,前端頁面在域名下:www.xuecheng.com,而存取的介面則是www.xuecheng.com/api/xxx ,這樣就不存在跨域問題了,
其實nginx不設定 Access-Control-Allow-Origin也沒事,因為前後端在一個域下了。
注意事項
如果你前後端存取存在跨域問題,而且你需要使用cookie,後端要想獲取到前端攜帶過來的cookie,前後端都要做設定:
前端:
var xhr = new XMLHttpRequest() xhr.withCredentials = true xhr.open('GET', 'http://localhost:8888/', true) xhr.send(null)
後端:
Access-Control-Allow-Origin: http://www.abc.com(這裡必須域名不能是*) Access-Control-Allow-Credentials: true
完整nginx設定
#user nobody; worker_processes 1; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; #微服務閘道器 upstream apiserver{ server 127.0.0.1:50101; } server { listen 80; server_name www.xuecheng.com; ssi on; ssi_silent_errors on; #charset koi8-r; #access_log logs/host.access.log main; #門戶 location / { alias D:/Z_lhy/SpringCloud/xuecheng_online/www/xc-ui-pc-static-portal/; index index.html; } #location / { # root /neworiental/www/jiaofu; # index index.html; # try_files $uri /index.html; #} # proxy_pass末尾有/,請求地址:http://localhost/api/test,轉發地址:http://127.0.0.1:8000/test location /api/ { add_header 'Access-Control-Allow-Origin' $http_origin; add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; add_header 'Access-Control-Allow-Headers' 'DNT,Authorization,Accept,Origin,Keep-Alive,User-Agent,X-Mx-ReqToken,X-Data-Type,X-Auth-Token,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; if ($request_method = 'OPTIONS') { add_header 'Access-Control-Max-Age' 1728000; add_header 'Content-Type' 'text/plain; charset=utf-8'; add_header 'Content-Length' 0; return 204; } proxy_pass http://apiserver/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_connect_timeout 5; } location ^~ /openapi/auth/ { proxy_pass http://apiserver/auth/; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } # another virtual host using mix of IP-, name-, and port-based configuration # #server { # listen 8000; # listen somename:8080; # server_name somename alias another.alias; # location / { # root html; # index index.html index.htm; # } #} # HTTPS server # #server { # listen 443 ssl; # server_name localhost; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 5m; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # location / { # root html; # index index.html index.htm; # } #} }
參考:
正確的Nginx跨域設定:https://blog.csdn.net/envon123/article/details/83270277
跨域資源共用(CORS)安全性:https://blog.csdn.net/weixin_43964148/article/details/109352413