http://www.ruanyifeng.com/blog/2016/04/cors.html

如果需要跨域的预先检查,则响应options请求;
之后只要声明Origin和ExposeHeader即可;

    location / {
       if ($request_method = 'OPTIONS') {
            add_header 'access-control-allow-origin' '*' always; 
            add_header 'access-control-allow-methods' 'GET, POST, PATCH, PUT, DELETE, OPTIONS' always;                 
            add_header 'access-control-allow-credentials' 'false' always;# origin不能为*
            add_header 'access-control-allow-headers' 'iv, key, authorization, content-type, if-match, if-modified-since, if-none-match, if-unmodified-since, x-csrf-token, x-requested-with' always;                
            add_header 'access-control-max-age' '2592000' always;
            add_header 'content-type' 'text/plain';
            add_header 'content-length' 0;
            return 204;
        }           
        add_header 'access-control-allow-origin' '*' always;
        add_header 'access-control-expose-headers' 'date, logid' always;
        add_header 'logid' $request_id always;
    }

标签: none

添加新评论