nginx 限制 domain 域名 ( Nginx restrict domains )

当客户端 跨域名存取 档案时 会遇到 allow cross domain 限制
基本上可以针对 POST , GET 在 nginx 做相对映的设定

location / {
     if ($request_method = 'OPTIONS') {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        #
        # Custom headers and headers various browsers *should* be OK with but aren't
        #
        add_header '
Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
        #
        # Tell client that this pre-flight info is valid for 20 days
        #
        add_header '
Access-Control-Max-Age' 1728000;
        add_header '
Content-Type' 'text/plain; charset=utf-8';
        add_header '
Content-Length' 0;
        return 204;
     }
     if ($request_method = '
POST') {
        add_header '
Access-Control-Allow-Origin' '*';
        add_header '
Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header '
Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
        add_header '
Access-Control-Expose-Headers' 'Content-Length,Content-Range';
     }
     if ($request_method = '
GET') {
        add_header '
Access-Control-Allow-Origin' '*';
        add_header '
Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header '
Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
        add_header '
Access-Control-Expose-Headers' 'Content-Length,Content-Range';
     }
}

上述表示结果 任何条件都开放
如果要有条件开放 部份域名才能访问

set $cors '';
if ($http_origin ~* 'https?://(<b>localhost|www\.example\.com|m\.example\.com</b>)') {
        set $cors 'true';
}

if ($cors = 'true') {
        add_header 'Access-Control-Allow-Origin' "$http_origin";
        add_header 'Access-Control-Allow-Credentials' 'true';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With';
}

参与评论