How to set the value of the Access-Control-Allow-Origin header based on a list of allowed origins?
Problem description

I have read quite a lot of posts, but none of them worked.

I have EC2 set up in AWS, installed with Ubuntu 16.04 and nginx. I went into the site-available / site-enabled to 'Access-Control-Allow-Origin' allowing one domain access, but how can I add more than one domain access?

I would get a multiple values error if I add more than one access. Lots of posts are about PHP, such as "NGINX Access-Control-Allow-Origin header contains multiple values". Even though I am not using PHP, I have tried using the code above, but it does not work.

Is anyone able to give me a hand or direct me how this can be done on the server?

Thanks in advance.

Recommended answer
You can conditionally cause the Access-Control-Allow-Origin response header to be sent, with the right value, by adding something like the following to your nginx config.
    location / {
        # Start with "not allowed"; flip the flag only on an exact Origin match.
        set $is_allowed_origin "";
        if ($http_origin = "https://some.allowed.origin") {
            set $is_allowed_origin "true";
        }
        if ($http_origin = "https://another.allowed.origin") {
            set $is_allowed_origin "true";
        }
        # Echo the request's Origin back only when it matched the list above.
        if ($is_allowed_origin = "true") {
            add_header "Access-Control-Allow-Origin" "$http_origin";
        }
    }
That’ll cause Access-Control-Allow-Origin: https://some.allowed.origin to be sent if the value of the Origin request header in the request is https://some.allowed.origin, and will cause Access-Control-Allow-Origin: https://another.allowed.origin to be sent if the Origin is https://another.allowed.origin, etc.

And if the value of the Origin request header is neither https://some.allowed.origin nor https://another.allowed.origin, then no Access-Control-Allow-Origin would be sent.
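
The same allowlist written with nginx's map directive, as an added example that is not part of the original answer. The two origins are the answer's placeholders; the listen and server_name values are constructed for illustration.

```nginx
# Added example (not from the original answer). Place the map block in the
# http {} context; it is evaluated lazily, once per request that uses it.
map $http_origin $cors_allow_origin {
    # Any Origin that is not listed maps to the empty string.
    default                             "";

    # Exact string matches only. Loose regular expressions are easy to get
    # wrong and can end up reflecting origins you never meant to trust.
    "https://some.allowed.origin"       $http_origin;
    "https://another.allowed.origin"    $http_origin;
}

server {
    listen 80;                  # constructed placeholder
    server_name example.test;   # constructed placeholder

    location / {
        # nginx does not emit a header whose value is the empty string, so
        # unlisted origins receive no Access-Control-Allow-Origin at all,
        # and a listed origin receives exactly one value (never a list).
        add_header Access-Control-Allow-Origin $cors_allow_origin always;

        # The response now depends on the Origin request header; tell
        # shared caches so one origin's response is not served to another.
        add_header Vary Origin always;

        # Note: add_header directives are inherited from the enclosing
        # level only if this level defines none of its own, so keep all
        # CORS headers for a location together in that location.
    }
}
```

Run `nginx -t` before reloading to confirm the configuration parses.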