CORS规定了从Apache .htaccess到nginx的覆盖范围 [英] CORS rules coversion from Apache .htaccess to nginx
问题描述
目前,我已经在我的Apache服务器上完美地使用了这些.htaccess规则:
Presently I have these .htaccess rules working perfectly on my Apache server:
<IfModule mod_headers.c>
SetEnvIf Origin "https://(www\.)?(domain.com|beta.domain.com|domain.loc)$" AccessControlAllowOrigin=$0
Header set Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
Header set Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, X-CSRF-Token, X-XSRF-TOKEN"
Header set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
Header set Access-Control-Allow-Credentials true
</IfModule>
<IfModule mod_rewrite.c>
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>
最近切换到Nginx的决定要求我们实施相同的操作.我仍然对它的内部了解不多,确实需要帮助将其转换为它的nginx配置副本.
Recent decision to switch to nginx requires us to implement the same. I'm still getting a hang of its internals and really need help converting this into its nginx config counterpart.
到目前为止,我尝试过的操作:
server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
include snippets/self-signed.conf;
include snippets/ssl-params.conf;
server_name api.mydomain.loc;
root /var/www/mydomain/api/public;
index index.html index.htm index.php;
location / {
if ($http_origin ~* https://(www\.)?(mydomain.loc)) {
add_header Access-Control-Allow-Origin $http_origin;
add_header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, X-CSRF-Token, X-XSRF-TOKEN";
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
add_header Access-Control-Allow-Credentials true;
}
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
我们将不胜感激.
推荐答案
问题中与Apache配置最简单的nginx等效项是,只需使用add_header并将其全部包装在执行正则表达式的if块中与$http_origin匹配:
The simplest nginx equivalent of the Apache config in the question would be, just use add_header and wrap it all in anif block that does a regex match against $http_origin:
location / {
if ($http_origin ~* https://(www\.)?(domain.com|beta.domain.com|domain.loc)) {
add_header Access-Control-Allow-Origin $http_origin;
add_header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, X-CSRF-Token, X-XSRF-TOKEN";
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
add_header Access-Control-Allow-Credentials true
}
# use $http_authorization to get the value of the Authorization request header
}
nginx不需要您使用Apache进行的其他RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]操作;只需使用$http_authorization.
The extra RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] stuff that you need to do with Apache isn’t necessary with nginx; instead just use $http_authorization.
请注意,nginx中变量的变量以为前缀a>是特殊变量:
Note that variables in nginx that have names prefixed with $http_ are special variables:
$http_name
任意请求标头字段;变量名称的最后一部分是字段名称
转换为小写字母,并用下划线代替了短划线
$http_name
arbitrary request header field; the last part of a variable name is the field name
converted to lower case with dashes replaced by underscores
因此$http_origin为您提供Origin请求标头的值,$http_authorization为您提供Authorization请求标头的值,等等.
Thus $http_origin gives you the value of the Origin request header, $http_authorization gives you the value of the Authorization request header, etc.
这篇关于CORS规定了从Apache .htaccess到nginx的覆盖范围的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
