从 Apache .htaccess 到 nginx 的 CORS 规则覆盖 [英] CORS rules coversion from Apache .htaccess to nginx
问题描述
目前我有这些 .htaccess 规则在我的 Apache 服务器上完美运行:
Presently I have these .htaccess rules working perfectly on my Apache server:
<IfModule mod_headers.c>
SetEnvIf Origin "https://(www\.)?(domain.com|beta.domain.com|domain.loc)$" AccessControlAllowOrigin=$0
Header set Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
Header set Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, X-CSRF-Token, X-XSRF-TOKEN"
Header set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
Header set Access-Control-Allow-Credentials true
</IfModule>
<IfModule mod_rewrite.c>
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>
最近决定切换到 nginx 要求我们实现相同的.我仍然对它的内部结构有所了解,真的需要帮助将其转换为 nginx 配置对应物.
Recent decision to switch to nginx requires us to implement the same. I'm still getting a hang of its internals and really need help converting this into its nginx config counterpart.
到目前为止我尝试过的:
server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
include snippets/self-signed.conf;
include snippets/ssl-params.conf;
server_name api.mydomain.loc;
root /var/www/mydomain/api/public;
index index.html index.htm index.php;
location / {
if ($http_origin ~* https://(www\.)?(mydomain.loc)) {
add_header Access-Control-Allow-Origin $http_origin;
add_header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, X-CSRF-Token, X-XSRF-TOKEN";
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
add_header Access-Control-Allow-Credentials true;
}
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
不胜感激.
推荐答案
最简单的 nginx 等价于问题中的 Apache 配置,只需使用 add_header 并将其全部包装在 if 块对 $http_origin 进行正则匹配:
The simplest nginx equivalent of the Apache config in the question would be, just use add_header and wrap it all in anif block that does a regex match against $http_origin:
location / {
if ($http_origin ~* https://(www\.)?(domain.com|beta.domain.com|domain.loc)) {
add_header Access-Control-Allow-Origin $http_origin;
add_header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, X-CSRF-Token, X-XSRF-TOKEN";
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
add_header Access-Control-Allow-Credentials true
}
# use $http_authorization to get the value of the Authorization request header
}
额外的 RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] 你需要用 Apache 做的事情在 nginx 中不是必需的;而是使用 $http_authorization.
The extra RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] stuff that you need to do with Apache isn’t necessary with nginx; instead just use $http_authorization.
请注意 nginx 中名称以 $http_ 为前缀的变量 是特殊变量:
Note that variables in nginx that have names prefixed with $http_ are special variables:
$http_name
任意请求头域;变量名的最后一部分是字段名
转换为小写,破折号由下划线代替
$http_name
arbitrary request header field; the last part of a variable name is the field name
converted to lower case with dashes replaced by underscores
因此 $http_origin 为您提供 Origin 请求标头的值,$http_authorization 为您提供 Authorization<的值/code> 请求头等
Thus $http_origin gives you the value of the Origin request header, $http_authorization gives you the value of the Authorization request header, etc.
这篇关于从 Apache .htaccess 到 nginx 的 CORS 规则覆盖的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
