Http 设置HAProxy以正确返回CORS标头时出现的问题

我需要有关CORS标头和HAProxy配置的帮助

我在haproxy配置中添加了以下内容：

    # Add CORS headers when Origin header is present
capture request header origin len 128
http-response set-header Access-Control-Allow-Origin %[capture.req.hdr(0)] if { capture.req.hdr(0) -m found }
http-response set-header Access-Control-Allow-Methods GET,\ HEAD,\ OPTIONS,\ POST,\ PUT if { capture.req.hdr(0) -m found }
http-response set-header Access-Control-Allow-Credentials true if { capture.req.hdr(0) -m found }
http-response set-header Access-Control-Allow-Headers X-Stream-Output,\ X-Chunked-Output,\ X-Content-Length if { capture.req.hdr(0) -m found }
http-response set-header Access-Control-Expose-Headers X-Stream-Output,\ X-Chunked-Output,\ X-Content-Length if { capture.req.hdr(0) -m found }

http-request del-header Origin
http-request del-header Referer

它似乎将CORS头返回到浏览器，但我仍然在浏览器的JSON调用中得到403禁止。 以下是我尝试调用的URL：

当我尝试调用第三方类似查询时，效果很好：

我比较了两个响应的标题。两者看起来很相似。 我不知道我在这里错过了什么

---

我怀疑后端服务器正在阻止基于某些头的请求。我试图删除源代码：“http请求del header Origin”，但没有任何帮助

是的，是后端服务器拒绝了请求。 当我在haproxy配置中添加referer头删除时，问题消失了：

    # Add CORS headers when Origin header is present
capture request header origin len 128
http-response set-header Access-Control-Allow-Origin %[capture.req.hdr(0)] if { capture.req.hdr(0) -m found }
http-response set-header Access-Control-Allow-Methods GET,\ HEAD,\ OPTIONS,\ POST,\ PUT if { capture.req.hdr(0) -m found }
http-response set-header Access-Control-Allow-Credentials true if { capture.req.hdr(0) -m found }
http-response set-header Access-Control-Allow-Headers X-Stream-Output,\ X-Chunked-Output,\ X-Content-Length if { capture.req.hdr(0) -m found }
http-response set-header Access-Control-Expose-Headers X-Stream-Output,\ X-Chunked-Output,\ X-Content-Length if { capture.req.hdr(0) -m found }

http-request del-header Origin
http-request del-header Referer