用于Cors的Nginx Config-不允许add_header指令 [英] Nginx Config for Cors - add_header directive is not allowed

问题描述

我正在尝试将CORS指令添加到我的Nginx文件中，作为简单的静态HTML网站. (摘自此处 http://enable-cors.org/server_nginx.html )

I am trying add CORS directive to my nginx file for as simple static HTML site. (taken from here http://enable-cors.org/server_nginx.html)

为什么会有理由抱怨第一个add_header指令说这里不允许'add_header'指令'

Would there be a reason why it would complain about the first add_header directive saying 'add_header" directive is not allowed here'

我的配置文件示例

server {
    if ($http_origin ~* (https?://[^/]*\.domain\.com(:[0-9]+)?)$) {
        set $cors "true";
    }

    if ($request_method = 'OPTIONS') {
        set $cors "${cors}options";
    }

    if ($request_method = 'GET') {
        set $cors "${cors}get";
    }
    if ($request_method = 'POST') {
        set $cors "${cors}post";
    }

    if ($cors = "trueget") {
        add_header 'Access-Control-Allow-Origin' "$http_origin";
        add_header 'Access-Control-Allow-Credentials' 'true';
    }

    if ($cors = "truepost") {
        add_header 'Access-Control-Allow-Origin' "$http_origin";
        add_header 'Access-Control-Allow-Credentials' 'true';
    }

    if ($cors = "trueoptions") {
        add_header 'Access-Control-Allow-Origin' "$http_origin";
        add_header 'Access-Control-Allow-Credentials' 'true';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since';
        add_header 'Content-Length' 0;
        add_header 'Content-Type' 'text/plain charset=UTF-8';
        return 204;
    }

    listen 8080;

    location / {
        root /var/www/vhosts/mysite;
    }
}

推荐答案

add_header必须放置在http，server，location或if in location块下.

add_header has to be placed under either http, server, location or if in location block.

您正在放置在if in server下.将它们移到location块下.

You are placing in under if in server. Move them under the location block.

server {


    listen 8080;

    location / {
        root /var/www/vhosts/mysite;

        if ($http_origin ~* (https?://[^/]*\.domain\.com(:[0-9]+)?)$) {
            set $cors "true";
        }

        if ($request_method = 'OPTIONS') {
            set $cors "${cors}options";
        }

        if ($request_method = 'GET') {
            set $cors "${cors}get";
        }
        if ($request_method = 'POST') {
            set $cors "${cors}post";
        }

        if ($cors = "trueget") {
            add_header 'Access-Control-Allow-Origin' "$http_origin";
            add_header 'Access-Control-Allow-Credentials' 'true';
        }

        if ($cors = "truepost") {
            add_header 'Access-Control-Allow-Origin' "$http_origin";
            add_header 'Access-Control-Allow-Credentials' 'true';
        }

        if ($cors = "trueoptions") {
            add_header 'Access-Control-Allow-Origin' "$http_origin";
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since';
            add_header 'Content-Length' 0;
            add_header 'Content-Type' 'text/plain charset=UTF-8';
            return 204;
        }
    }
}

来源: http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header

这篇关于用于Cors的Nginx Config-不允许add_header指令的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！