NGINX仅为'api'子域设置CORS头
我有一个NGINX设置,它代理我的应用服务器请求,如下所示:
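# nginx.conf.erb: nginx runs in the foreground and reverse-proxies every
# request to the application server over a unix socket. <%= ... %> tags are
# filled in from environment variables when the template is rendered.
daemon off;
#Heroku dynos have at least 4 cores.
worker_processes <%= ENV['NGINX_WORKERS'] || 4 %>;

events {
    use epoll;
    accept_mutex on;
    worker_connections 1024;
}

http {
    # Instead of using Rack::Deflater and having the application server Gzip HTML and JSON requests from
    # the client, have the webserver compress them.
    gzip on;
    gzip_comp_level 3;
    gzip_proxied any;
    gzip_types text/plain text/css text/json text/javascript
               application/javascript application/x-javascript application/json
               application/rss+xml application/vnd.ms-fontobject application/x-font-ttf
               application/xml font/opentype image/svg+xml text/xml;

    # NOTE(review): by default nginx ignores request headers whose names contain
    # underscores. With this on, a client can send e.g. X_Forwarded_For, which
    # Rack-style backends map to the same variable as X-Forwarded-For. Keep it
    # only if a client really depends on underscore headers.
    underscores_in_headers on;
    # Do not advertise the nginx version in responses and error pages.
    server_tokens off;

    log_format l2met 'measure#nginx.service=$request_time request_id=$http_x_request_id';
    access_log logs/nginx/access.log l2met;
    error_log logs/nginx/error.log;

    include mime.types;
    default_type application/octet-stream;
    sendfile on;

    #Must read the body in 5 seconds.
    client_body_timeout <%= ENV['NGINX_CLIENT_BODY_TIMEOUT'] || 5 %>;

    upstream app_server {
        server unix:/tmp/nginx.socket fail_timeout=0;
    }

    server {
        listen <%= ENV["PORT"] %>;
        keepalive_timeout 5;
        root /app/public;
        client_max_body_size <%= ENV['NGINX_CLIENT_MAX_BODY_SIZE'] || 1 %>M;
        # Catch-all name: this block answers for every Host value, so nothing
        # here can tell api.mydomain.com apart from app.mydomain.com.
        # (The terminating ';' was missing; without it the config does not parse.)
        server_name _;

        location ~ ^/(assets)/ {
            # Have Nginx prefer to serve the *.gz file, since its already compressed and ready to go
            gzip_static on;
            # Per RFC2616 - 1 year maximum expiry
            expires 1y;
            add_header Cache-Control public;
            # Some browsers still send conditional-GET requests if there's a
            # Last-Modified header or an ETag header even if they haven't
            # reached the expiry date sent in the Expires header.
            add_header Last-Modified "";
            add_header ETag "";

            # When serving fonts, we need to make sure we set the `Access-Control-Allow-Origin` header to '*'.
            # A wildcard is acceptable here because these are public static files.
            location ~* \.(eot|svg|ttf|woff)$ {
                add_header 'Access-Control-Allow-Origin' '*' always;
                # add_header directives are inherited from the enclosing level only
                # when the current level defines none, so the parent's Cache-Control
                # header has to be repeated here or fonts lose it.
                add_header Cache-Control public;
            }
            break;
        }

        location / {
            proxy_set_header X-Real-IP $remote_addr;
            # $proxy_add_x_forwarded_for appends $remote_addr to whatever
            # X-Forwarded-For the client sent; the application should trust only
            # the entries added by proxies it controls.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # NOTE(review): $http_host is the client-supplied Host header, and
            # server_name above accepts any value. The application should check
            # it against its known hostnames before using it to build URLs.
            proxy_set_header Host $http_host;
            proxy_redirect off;
            proxy_pass http://app_server;
        }
    }
}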
守护进程关闭;
#Heroku dynos至少有4个磁芯。
工人的工作流程;
事件{
使用epoll;
接受上的互斥;
工人(1024);;
}
http{
#而不是使用Rack::Deflater并从
#客户端,让Web服务器压缩它们。
gzip on;
gzip_comp_三级;
gzip_代理任何;
gzip_类型text/plain text/css text/json text/javascript
application/javascript application/x-javascript application/json
application/rss+xml应用程序/vnd.ms-fontobject应用程序/x-font-ttf
application/xml-font/opentype-image/svg+xml-text/xml;
在上的\u标题中加下划线;
服务器_令牌关闭;
log_format l2met'measure#nginx.service=$request_time request_id=$http_x_request_id';
access_log logs/nginx/access.log l2met;
错误日志/nginx/error.log;
包括mime.types;
默认_类型应用程序/八位字节流;
发送文件到;
#必须在5秒内读取正文。
客户端\主体\超时;
上游应用程序服务器{
服务器unix:/tmp/nginx.socket失败\u超时=0;
}
服务器{
听
保持激活超时5;
root/app/public;
客户_最大_车身_尺寸M;
服务器名称_
地点~^/(资产)/{
#Nginx是否更愿意为*.gz文件提供服务,因为它已经被压缩,可以使用了
gzip_静态开启;
#根据RFC2616,最长有效期为1年
1年期满;
添加_头缓存控制公共;
#如果存在错误,某些浏览器仍会发送条件GET请求
#上次修改的标头或ETag标头(即使尚未修改)
#已到达Expires标头中发送的到期日期。
添加上次修改的标题“”;
添加标题ETag“”;
#提供字体时,我们需要确保将“Access Control Allow Origin”标题设置为“*”。
位置~*\(eot | svg | ttf | woff)${
始终添加标题“访问控制允许源”*;
}
打破
}
地点/{
代理集头X-Real-IP$remote\u addr;
proxy\u set\u header X-Forwarded-For$proxy\u add\u X\u Forwarded\u For;
代理设置头主机$http\U主机;
代理_重定向关闭;
代理通行证http://app_server;
}
}
}
但是,如果用户请求 api.mydomain.com,我希望 NGINX 为这些请求添加 CORS 头,而且仅限于这些请求。也就是说,如果用户请求 app.mydomain.com,我不想要 CORS 头;但如果他们请求 api.mydomain.com,我希望添加这些头。有人知道如何实现这一点吗?

您可以为 api.mydomain.com 添加特定的服务器块:
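# Dedicated virtual host: CORS headers are emitted only for api.mydomain.com.
# It goes inside the http { } block next to the catch-all server, which keeps
# answering app.mydomain.com without any CORS headers.
server {
    # Same port as the catch-all server; without a listen line nginx falls back
    # to its default port and this block would never see the traffic.
    listen <%= ENV["PORT"] %>;
    server_name api.mydomain.com;

    location / {
        # NOTE(review): '*' lets a page on any origin read these responses.
        # That is fine for a public, token-authenticated API; if only known
        # front-ends should call it, echo an allowlisted origin instead and
        # add "Vary: Origin".
        # "always" keeps the headers on 4xx/5xx responses too; without it the
        # browser reports a CORS failure instead of the real error status.
        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header 'Access-Control-Allow-Methods' 'GET,POST' always;
        # Requests carrying Authorization trigger an OPTIONS preflight, which
        # the application behind the proxy has to answer.
        add_header 'Access-Control-Allow-Headers' 'Content-Type,Authorization' always;

        # This location replaces the catch-all server's "location /" for this
        # host, so it has to proxy to the application itself.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://app_server;
    }
}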
或者,我想您也可以使用 if ($host = "api.mydomain.com") 块:
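# Fragment: add_header is only accepted in an "if" that sits inside a
# location block, so this belongs in "location / { ... }", not directly under
# server { }.
# NOTE(review): "if" inside a location has well-known surprises, and the
# add_header lines here replace (rather than extend) any add_header set on the
# enclosing location. A separate server block for the API host is the more
# predictable option.
if ($host = "api.mydomain.com") {
    # '*' lets a page on any origin read these responses; prefer an allowlisted
    # origin plus "Vary: Origin" if only known front-ends should call the API.
    # "always" keeps the headers on error responses as well.
    add_header 'Access-Control-Allow-Origin' '*' always;
    add_header 'Access-Control-Allow-Methods' 'GET,POST' always;
    add_header 'Access-Control-Allow-Headers' 'Content-Type,Authorization' always;
}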