飘在云端

啊!那蓝真天,白真云!

· webServer · · 215次浏览

MyUrls + sub-web 跨域配置

可能是 Cloudflare 背锅,后端的 CORS header 一直消失不见,增加任意自定义 header 也是消失不见,见鬼了
无奈关闭 Cloudflare CDN,清除 CDN缓存,刷新 DNS 缓存并解析到源站已生效,还是所有后端响应 header 莫名全部丢失!!

客户端浏览器测试,请求 header 始终带了一些 Cloudflare 特有字段,玄学了,能清的都清了,也换浏览器了,数个钟之后才恢复正常

请输入图片描述
请输入图片描述


后端(MyUrls) nginx 配置:

location / {
    proxy_pass http://127.0.0.1:8002;
   #跨域
    add_header 'Access-Control-Allow-Origin' $http_origin always; 
    add_header 'Access-Control-Allow-Headers' $http_access_control_request_headers always;
    add_header 'Access-Control-Allow-Credentials' 'true' always;
    add_header 'Access-Control-Max-Age' 86400 always;
    add_header 'Access-Control-Allow-Methods' 'PUT,GET,POST,DELETE,HEAD' always;
     if ($request_method = 'OPTIONS') {
        return 204;
       }
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;
}
# 针对 POST 请求特别配置,修复后端返回  POST 444 / 404 状态码
location ~ ^/short  {
proxy_pass http://127.0.0.1:8002;
    #跨域
    add_header 'Access-Control-Allow-Origin' $http_origin always;
    add_header 'Access-Control-Allow-Headers' $http_access_control_request_headers always;
    add_header 'Access-Control-Allow-Credentials' 'true' always;
    add_header 'Access-Control-Max-Age' 86400 always;
    add_header 'Access-Control-Allow-Methods' 'PUT,GET,POST,DELETE,HEAD' always;
     if ($request_method = 'OPTIONS') {
        return 204;
       }
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;
       
    }



前端(sub-web) Nginx 配置:

server
{    

# 跨域
add_header 'Access-Control-Allow-Origin' $http_origin always;
add_header 'Access-Control-Allow-Headers' $http_access_control_request_headers always;
add_header 'Access-Control-Max-Age' 86400 always;
add_header 'Access-Control-Allow-Methods' 'PUT,GET,POST,DELETE,HEAD' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie; 
add_header Cache-Control no-store always;

}