Http 设置HAProxy以正确返回CORS标头时出现的问题
我需要有关CORS标头和HAProxy配置的帮助 我在haproxy配置中添加了以下内容:Http 设置HAProxy以正确返回CORS标头时出现的问题,http,cors,haproxy,Http,Cors,Haproxy,我需要有关CORS标头和HAProxy配置的帮助 我在haproxy配置中添加了以下内容: # Add CORS headers when Origin header is present capture request header origin len 128 http-response set-header Access-Control-Allow-Origin %[capture.req.hdr(0)] if { capture.req.hdr(0) -m found } htt
# Add CORS headers when Origin header is present
capture request header origin len 128
http-response set-header Access-Control-Allow-Origin %[capture.req.hdr(0)] if { capture.req.hdr(0) -m found }
http-response set-header Access-Control-Allow-Methods GET,\ HEAD,\ OPTIONS,\ POST,\ PUT if { capture.req.hdr(0) -m found }
http-response set-header Access-Control-Allow-Credentials true if { capture.req.hdr(0) -m found }
http-response set-header Access-Control-Allow-Headers X-Stream-Output,\ X-Chunked-Output,\ X-Content-Length if { capture.req.hdr(0) -m found }
http-response set-header Access-Control-Expose-Headers X-Stream-Output,\ X-Chunked-Output,\ X-Content-Length if { capture.req.hdr(0) -m found }
http-request del-header Origin
http-request del-header Referer
它似乎将CORS头返回到浏览器,但我仍然在浏览器的JSON调用中得到403禁止。
以下是我尝试调用的URL:
当我尝试调用第三方类似查询时,效果很好:
我比较了两个响应的标题。两者看起来很相似。
我不知道我在这里错过了什么
我怀疑后端服务器正在阻止基于某些头的请求。我试图删除源代码:“http请求del header Origin”,但没有任何帮助是的,是后端服务器拒绝了请求。 当我在haproxy配置中添加referer头删除时,问题消失了:
# Add CORS headers when Origin header is present
capture request header origin len 128
http-response set-header Access-Control-Allow-Origin %[capture.req.hdr(0)] if { capture.req.hdr(0) -m found }
http-response set-header Access-Control-Allow-Methods GET,\ HEAD,\ OPTIONS,\ POST,\ PUT if { capture.req.hdr(0) -m found }
http-response set-header Access-Control-Allow-Credentials true if { capture.req.hdr(0) -m found }
http-response set-header Access-Control-Allow-Headers X-Stream-Output,\ X-Chunked-Output,\ X-Content-Length if { capture.req.hdr(0) -m found }
http-response set-header Access-Control-Expose-Headers X-Stream-Output,\ X-Chunked-Output,\ X-Content-Length if { capture.req.hdr(0) -m found }
http-request del-header Origin
http-request del-header Referer