Node.js 获得'；'；访问控制允许原点'；标头包含多个值'；用MEAN和nginx_Node.js_Nginx_Deployment_Mean Stack_Reverse Proxy

Node.js 获得'；'；访问控制允许原点'；标头包含多个值'；用MEAN和nginx

node.js nginx deployment

Node.js 获得'；'；访问控制允许原点'；标头包含多个值'；用MEAN和nginx,node.js,nginx,deployment,mean-stack,reverse-proxy,Node.js,Nginx,Deployment,Mean Stack,Reverse Proxy,我已经在MEAN stack中开发了一个应用程序，并将Nginx用于HTTPS。我在node中使用了socket.io并开发了RESTAPI 下面是我的Nginx配置 server { # Enable HTTP/2 listen 443 ssl; listen [::]:443 ssl http2; server_name api.some.com www.api.some.com; # Use the Let’s Encrypt certifica

我已经在MEAN stack中开发了一个应用程序，并将Nginx用于HTTPS。我在node中使用了socket.io并开发了RESTAPI

下面是我的Nginx配置

server {
    # Enable HTTP/2
    listen 443 ssl;
    listen [::]:443 ssl http2;
    server_name api.some.com www.api.some.com;

    # Use the Let’s Encrypt certificates
    ssl_certificate /etc/letsencrypt/live/api.some.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/api.some.com/privkey.pem;

    # Include the SSL configuration from cipherli.st
    include snippets/ssl-params.conf;

    location / {    
     if ($request_method = 'OPTIONS') {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,from,x-auth,Access-Control-Allow-Origin';
        add_header 'Access-Control-Max-Age' 1728000;
        add_header 'Content-Type' 'text/plain; charset=utf-8';
        add_header 'Content-Length' 0;

    add_header 'Cache-Control' 'no-cache';
        return 204;
     }
     if ($request_method = 'POST') {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,from,x-auth,Access-Control-Allow-Origin';
        add_header 'Access-Control-Expose-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,from,x-auth,Access-Control-Allow-Origin';

    add_header 'Cache-Control' 'no-cache';   
  }
     if ($request_method = 'GET') {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,from,x-auth';
        add_header 'Access-Control-Expose-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,from,x-auth';

    add_header 'Cache-Control' 'no-cache';    
 }


        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://localhost:5000/;
        proxy_ssl_session_reuse off;
        proxy_set_header Host $http_host;
        proxy_cache_bypass $http_upgrade;
        proxy_redirect off;
    ##### changes for socket.io 
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    }

}

当我的应用程序尝试连接套接字时，我收到“Access Control Allow Origin”头包含多个值”错误

我找到了一个锻炼方法。如果我在GET部分对“add_header”部分进行注释，并在代码中添加“Access Control Allow Origin”header，那么它工作正常。如果我没有在代码中添加头，那么getrestapi就不起作用，它要求使用“accesscontrolalloworigin”头

但我不想这样做，因为nginx应该处理这个问题，我的代码不应该担心这些头

我错过了什么

更新：

我在GET-in nginx的Allow headers部分添加了“Access Control Allow Origin”，并从节点服务器中删除了GET-specific代码，GET-rest API开始工作，但套接字开始抛出CORS Origin错误。

您解决了这个问题吗？我在SocketIO上也遇到了同样的错误，无法修复。@LucaDeNardi no表示“GET”，但对于WebSocket，您需要添加“proxy\u http\u version 1.1；代理设置头升级$http\U升级；代理集头连接“升级”；'由于WebSocket通过标头升级将http协议更改为WebSocket