“降级时没有引荐来源人错误"; Firebase上的Angular应用程序连接到NGINX Jelastic [英] "no-referrer-when-downgrade error" Angular app on Firebase connecting to NGINX Jelastic
本文介绍了“降级时没有引荐来源人错误"; Firebase上的Angular应用程序连接到NGINX Jelastic的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我具有以下架构:
- 托管在Google Firebase(HTTPS)上的Angular Webapp
- 具有以下条件的弹性环境:
- NGINX服务器(HTTPS)
- Springboot 2应用程序服务器(HTTP)
- An Angular webapp hosted on Google Firebase (HTTPS)
- A jelastic environment with:
- An NGINX server (HTTPS)
- A Springboot 2 application server (HTTP)
为了正常工作,Firebase需要使用HTTPS API,因此我向NGINX服务器添加了SSL证书和公共IP.如果我从邮递员使用HTTP调用API,则调用可以正常工作.但是,如果我从Firebase中的Angular应用程序调用API HTTPS,则无法正常工作,并且出现以下错误:推荐人政策:降级时没有推荐人"-net :: ERR_CONNECTION_REFUSED.
In order to work fine Firebase needs to use HTTPS API, so I added to the NGINX server an SSL certificate and a public IP. If I call the API using HTTP from postman the calls work fine. But if I call the API HTTPS from the Angular app in firebase than it doesn't work and I get this error: "Referrer Policy: no-referrer-when-downgrade" - net::ERR_CONNECTION_REFUSED.
我看到了这个问题,但我无法解决该问题
I saw this question but I was not able to fix the problem.
这是nginx conf文件.我用XXX.XXX.XXX.XXX替换了IP地址
This is the nginx conf file. I replaced the IP addresses with XXX.XXX.XXX.XXX
######## HTTP SECTION PROTOTYPE ######## http { server_tokens off ; include /etc/nginx/mime.types; default_type application/octet-stream; set_real_ip_from 192.168.0.0/16; set_real_ip_from 10.0.0.0/8; set_real_ip_from 172.16.0.0/16; real_ip_header X-Forwarded-For; real_ip_recursive on; log_format main '$remote_addr:$http_x_remote_port - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for" ' '"$host" sn="$server_name" ' 'rt=$request_time ' 'ua="$upstream_addr" us="$upstream_status" ' 'ut="$upstream_response_time" ul="$upstream_response_length" ' 'cs=$upstream_cache_status' ; client_header_timeout 10m; client_body_timeout 10m; send_timeout 10m; client_max_body_size 100m; connection_pool_size 256; client_header_buffer_size 1k; large_client_header_buffers 4 2k; request_pool_size 4k; # gzip on; gzip_min_length 1100; gzip_buffers 4 8k; gzip_types text/plain; output_buffers 1 32k; postpone_output 1460; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 75 20; ignore_invalid_headers on; map $upstream_addr $group { default ""; ### MAPPING FOLLOWS HERE ### ### ~XXX\.XXX\.XXX\.XXX\:XX$ $GROUPNAME; ### MAPPROTO ### This is mappings prototype line, do not remove this! ~XXX\.XXX\.XXX\.XXX\:80$ common; ### MAPPROTO for common ### } ### DEFAULT UPSTREAM FOLLOWS HERE ### upstream default_upstream{ ### server XXX.XXX.XXX.XXX; ### $GROUPNAME ### DEFUPPROTO ### server XXX.XXX.XXX.XXX; ### DEFUPPROTO for common ### sticky path=/; keepalive 100; } ### UPSTREAMS LIST FOLLOWS HERE ### #upstream nodes{ server XXX.XXX.XXX.XXX; server 127.0.0.1:8001 backup # UPSTREAMPROTO # This is upstream prototype line, do not remove this! } upstream common { server XXX.XXX.XXX.XXX ; sticky path=/; keepalive 100; } ### UPSTREAMPROTO for common ### #GFADMIN server { listen *:80; listen [::]:80; server_name _; #add_header Referrer-Policy "no-referrer"; # by Paolo access_log /var/log/nginx/localhost.access_log main; error_log /var/log/nginx/localhost.error_log info; #ModSecurityEnabled on; #ModSecurityConfig /etc/nginx/conf.d/modsecurity/modsec_includes.conf; proxy_temp_path /var/nginx/tmp/; proxy_connect_timeout 5s; error_page 500 502 503 504 /50x.html; proxy_next_upstream error timeout http_500; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Host $http_host; proxy_set_header X-Forwarded-For $http_x_forwarded_for; proxy_set_header X-Remote-Port $http_x_remote_port; proxy_set_header X-URI $uri; proxy_set_header X-ARGS $args; proxy_set_header Refer $http_refer; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; if ($http_x_remote_port = '' ) { set $http_x_remote_port $remote_port; } location = /50x.html { root html; } location / { if ($cookie_SRVGROUP ~ group|common) { proxy_pass http://$cookie_SRVGROUP; error_page 500 502 503 504 = @rescue; } if ($cookie_SRVGROUP !~ group|common) { add_header Set-Cookie "SRVGROUP=$group; path=/"; } proxy_pass http://default_upstream; add_header Set-Cookie "SRVGROUP=$group; path=/"; } location @rescue { proxy_pass http://default_upstream; add_header Set-Cookie "SRVGROUP=$group; path=/"; } #USERLOCATIONS } # server { # listen *:8001; # server_name backup.local; # # location / { # proxy_pass http://default_upstream; # add_header Set-Cookie "SRVGROUP=$group; path=/"; # proxy_http_version 1.1; # proxy_set_header Host $host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Host $http_host; # proxy_set_header X-Forwarded-For $http_x_forwarded_for; # proxy_set_header X-URI $uri; # proxy_set_header X-ARGS $args; # proxy_set_header Refer $http_refer; # proxy_set_header Upgrade $http_upgrade; # proxy_set_header Connection "upgrade"; # } # } include /etc/nginx/conf.d/*.conf; } ######## TCP SECTION PROTOTYPE ########这是conf.d/ssl.conf的内容
This is the content of conf.d/ssl.conf
# # HTTPS server configuration # #server { # listen 443; # server_name _; # ssl on; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # ssl_session_timeout 5m; # ssl_protocols SSLv2 SSLv3 TLSv1; # ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; # ssl_prefer_server_ciphers on; # location / { # root html; # index index.html index.htm; # } #}这是conf.d/ssl.conf.disabled的内容
while this is the content of conf.d/ssl.conf.disabled
# # HTTPS server configuration # server { listen 443 http2; listen [::]:443 http2; server_name _; ssl on; ssl_certificate /var/lib/jelastic/SSL/jelastic.chain; ssl_certificate_key /var/lib/jelastic/SSL/jelastic.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers '*****removed by me*****'; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; access_log /var/log/nginx/localhost.access_log main; error_log /var/log/nginx/localhost.error_log info; proxy_temp_path /var/nginx/tmp/; error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } location / { set $upstream_name common; include conf.d/ssl.upstreams.inc; proxy_pass http://$upstream_name; proxy_next_upstream error; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Host $http_host; proxy_set_header X-Forwarded-For $http_x_forwarded_for; proxy_set_header X-URI $uri; proxy_set_header X-ARGS $args; proxy_set_header Refer $http_refer; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Ssl-Offloaded "1"; } }推荐答案
您应该添加:
add_header 'Referrer-Policy' 'origin';到/etc/nginx/conf.d/ssl.conf
to /etc/nginx/conf.d/ssl.conf
这篇关于“降级时没有引荐来源人错误"; Firebase上的Angular应用程序连接到NGINX Jelastic的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
