如下

server {

    listen       80;

    server_name  www.your.com;

    root         /data/web/www.your.com;

    access_log   /var/log/nginx/www.your.com_access.log;

    error_log    /var/log/nginx/www.your.com_error.log;

    set $cors_origin "";

    if ( $http_origin ~ https?://.*\.(a|b)\.com ) {

        set $cors_origin $http_origin;

    }

    add_header Access-Control-Allow-Origin $cors_origin;

}

  curl测试跨域是否生效,a.jpg要存在,查看Access-Control-Allow-Origin字段。

[root@HD1g-static-website /usr/local/nginx/conf/conf.d]# curl -I -H "Origin: https://test.a.com" https://www.your.com/a.jpg

HTTP/1.1 200 OK

Date: Sun, 05 May 2019 06:12:53 GMT

Content-Type: image/jpeg

Content-Length: 134100

Connection: keep-alive

Last-Modified: Tue, 05 Mar 2019 07:01:43 GMT

ETag: "5c7e1ed7-20bd4"

Expires: Tue, 04 Jun 2019 06:12:53 GMT

Cache-Control: max-age=2592000

Access-Control-Allow-Origin: https://test.a.com

Accept-Ranges: bytes

  一个较完整的CORS,引用自https://enable-cors.org/server_nginx.html

[root@HD1g-static-website /usr/local/nginx/conf/conf.d]# cat nginx_cors

if ($request_method = 'OPTIONS') {

    add_header 'Access-Control-Allow-Origin' '*';

    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';

    #

    # Custom headers and headers various browsers *should* be OK with but aren't

    #

    add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';

    #

    # Tell client that this pre-flight info is valid for 20 days

    #

    add_header 'Access-Control-Max-Age' 1728000;

    add_header 'Content-Type' 'text/plain charset=UTF-8';

    add_header 'Content-Length' 0;

    return 204;

}

if ($request_method = 'POST') {

    add_header 'Access-Control-Allow-Origin' '*';

    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';

    add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';

}

if ($request_method = 'GET') {

    add_header 'Access-Control-Allow-Origin' '*';

    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';

    add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';

}

最新文章

  1. TODO:一不顺眼就换字体Go之应用篇
  2. 也许你需要点实用的-Web前端笔试题
  3. Javascript字节转换
  4. 开发基于Edge渲染内核的浏览器应用
  5. centos下安装ZooKeeper
  6. 《Java程序设计》第四周学习总结
  7. SQL Server select into/bulkcopy用法
  8. CodeForces 10C. Digital Root
  9. 构建RESTful风格的WCF服务
  10. 分库分表下uuid的生成
  11. Samba匿名用戶仅仅唯读访问
  12. C++STL之String
  13. codevs 1006 等差数列
  14. Codeforces Round #539 (Div. 2) - C. Sasha and a Bit of Relax(思维题)
  15. iis 支持 .netcore 环境
  16. [转帖]中关村:LED屏幕和OLED屏幕有什么区别?答案在这里
  17. Echarts使用Ajax异步获得数据的前端json格式转化问题
  18. 一、Dev
  19. Hadoop生态圈-Oozie实战之逻辑调度执行多个Job
  20. 20 go单元测试

热门文章

  1. 简单而粗暴的方法画任意阶数Bezier曲线
  2. Linux 查看系统相关信息(系统发型版本及内核版本等)
  3. 用python 获取照片的Exif 信息(获取拍摄设备,时间,地点等信息)
  4. 白话算法:时间复杂度和大O表示法
  5. HashMap的相关面试题
  6. linux c 链接详解3-静态库
  7. mariadb数据库简介
  8. 条件随机场CRF介绍
  9. 牛客OI周赛13-提高组 比赛总结
  10. while循环练习: