如何在NGINX中的所有域中添加CORS(跨源策略)? [英] How to add CORS (cross origin policy) to all domains in NGINX?

问题描述

我已经创建了一个文件夹，该文件夹将用于提供静态文件(CSS，图像，字体和JS等).最终，我将该文件夹命名为一个子域，以在CDN上使用，以与我的Magento 2设置一起使用.

I have created a folder that will be used for serving static files (CSS, images, fonts and JS etc) I will eventually CNAME the folder into a subdomain for usage on a CDN to work with my Magento 2 setup.

我想允许所有域都通过CORS进行所有访问-跨源策略，并且我也想缓存数据.这就是我所拥有的. (我不是在寻求有关JSONP问题的安全性建议或技巧-我想对文件目录进行全局访问)

I want to allow ALL domains ALL access via CORS - Cross Origin Policy and I want to cache the data too. This is what I have. (I am not asking for security suggestions or tips on JSONP issues - I want global access to the file directory please)

location /cdn-directory/ {

    location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2|zip|gz|gzip|bz2|csv|xml)$ {
        add_header Cache-Control "public";
        add_header X-Frame-Options "ALLOW-FROM *";
        expires +1y;
    }

}

根据文档，它说X-Frame-Options支持，但看不到使用*(所有域)或在此ALLOW-FROM中添加某些多个域的示例.我需要允许所有域访问我的静态文件文件夹.

According to documentation it says X-Frame-Options supports ALLOW-FROM uri but cannot see examples of using * (all domains) or adding certain multiple domains in this ALLOW-FROM. I need to allow all domains access to my static files folder.

推荐答案

location /cdn-directory/ {

location ~* \.(js|css|swf|eot|ttf|otf|woff|woff2)$ {
    add_header 'Cache-Control' 'public';
    add_header 'X-Frame-Options' 'ALLOW-FROM *';
    add_header 'Access-Control-Allow-Origin' '*';
    add_header 'Access-Control-Allow-Credentials' 'true';
    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
    add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
    expires +1y;
  } 
}

http://enable-cors.org/server_nginx.html

这篇关于如何在NGINX中的所有域中添加CORS(跨源策略)?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！