我將一個具有兩個 API 的專案分別部署login到loadMenu服務器。當我呼叫loginAPI 時,一切都很好,我得到了結果。
但是當我嘗試呼叫loadMenuAPI 時,出現了 CORS 問題。
這是我的 nginx 組態檔:
server {
listen 80;
# set proper server name after domain set
server_name xxxxxx;
# Add Headers for odoo proxy mode
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
proxy_set_header X-Client-IP $remote_addr;
proxy_set_header HTTP_X_FORWARDED_HOST $remote_addr;
# odoo log files
access_log /var/log/nginx/odoo15-access.log;
error_log /var/log/nginx/odoo15-error.log;
# increase proxy buffer size
proxy_buffers 16 64k;
proxy_buffer_size 128k;
proxy_read_timeout 900s;
proxy_connect_timeout 900s;
proxy_send_timeout 900s;
# force timeouts if the backend dies
proxy_next_upstream error timeout invalid_header http_500 http_502
http_503;
types {
text/less less;
text/scss scss;
}
# enable data compression
gzip on;
gzip_min_length 1100;
gzip_buffers 4 32k;
gzip_types text/css text/less text/plain text/xml application/xml application/json
application/javascript application/pdf image/jpeg image/png;
gzip_vary on;
client_header_buffer_size 4k;
large_client_header_buffers 4 64k;
client_max_body_size 0;
add_header 'Access-Control-Allow-Origin' "$http_origin" always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
location / {
#add_header 'Access-Control-Allow-Origin' "$http_origin" always;
#add_header 'Access-Control-Allow-Credentials' 'true' always;
if ($request_method = OPTIONS) {
add_header 'Access-Control-Allow-Origin' "$http_origin"; # DO NOT remove THIS LINES (doubled with outside 'if' above)
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Max-Age' 1728000; # cache preflight value for 20 days
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'My-First-Header,My-Second-Header,Authorization,Content-Type,Accept,Origin';
add_header 'Content-Length' 0;
add_header 'Content-Type' 'text/plain charset=UTF-8';
return 204;
}
if ($request_method = POST) {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' *;
}
#proxy_set_header host $http_host;
proxy_pass http://127.0.0.1:8069;
# by default, do not forward anything
proxy_redirect off;
proxy_cookie_path / "/; secure; HttpOnly;SameSite=None";
}
location /longpolling {
proxy_pass http://127.0.0.1:8072;
}
location ~* .(js|css|png|jpg|jpeg|gif|ico)$ {
expires 2d;
proxy_pass http://127.0.0.1:8069;
add_header Cache-Control "public, no-transform";
}
# cache some static data in memory for 60mins.
location ~ /[a-zA-Z0-9_-]*/static/ {
proxy_cache_valid 200 302 60m;
proxy_cache_valid 404 1m;
proxy_buffering on;
expires 864000;
proxy_pass http://127.0.0.1:8069;
}
}
這是錯誤訊息
訪問“http://127.0.0.1:8069/web/login?redirect=http://127.0.0.1:8069/web/webclient/load_menus/1652856182783”(重定向自“http:// /IP/web/webclient/load_menus/1652856182783') 來自源“http://localhost:8069”已被 CORS 策略阻止:請求的資源上不存在“Access-Control-Allow-Origin”標頭。如果不透明的回應滿足您的需求,請將請求的模式設定為“no-cors”以獲取禁用 CORS 的資源。
uj5u.com熱心網友回復:
在這里暗中刺傷,但我猜你的 API 127.0.0.1:8069(在服務器上)正在回應一個完全限定的重定向 URL,例如
< HTTP/1.1 302 Found
< Location: http://127.0.0.1:8069/web/login?...
這顯然不是服務器內部網路之外的任何東西都可以訪問的 URL。
您缺少的是proxy_redirect配置來重寫Location回應標頭以使用外部地址...
proxy_redirect default;
# or the more verbose equivalent
# proxy_redirect http://127.0.0.1:8069 /;
正如您在此問題的最后一次嘗試中所提到的,如果它以 301 / 302 重定向回應,通常表明您的 API 設計有問題。
轉載請註明出處,本文鏈接:https://www.uj5u.com/qianduan/476967.html
標籤:javascript nginx 科尔斯 nginx-反向代理
