Node.js 为什么我的服务器在使用Nignx代理的Express上导致两个访问控制允许源标题？

我正在Node.js中构建一个Express应用程序。通过这样做，我在express中打开了cors

var express = require('express');
var bodyParser = require('body-parser');
var cors = require('cors');

// some configuration

/**
 * Add cors
 */
app.use(cors({
  origin: true,
  credentials: true,
  maxAge: 60 * 60 * 24
}));

我们也有Nginx作为代理，我们也有它来允许交叉起源

add_header    Access-Control-Allow-Origin *;

它工作正常，我得到了回复

< HTTP/1.1 200 OK
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Origin: *
< Cache-Control: max-age=300
< Date: Fri, 05 Feb 2016 00:36:06 GMT
< Expires: Fri, 05 Feb 2016 00:41:06 GMT
< X-Powered-By: Express
< Content-Length: 35
< Connection: keep-alive

< HTTP/1.1 200 OK
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Origin: my.local
< Access-Control-Allow-Origin: *
< Cache-Control: max-age=300
< Date: Fri, 05 Feb 2016 00:36:17 GMT
< Expires: Fri, 05 Feb 2016 00:41:17 GMT
< X-Powered-By: Express
< Content-Length: 35
< Connection: keep-alive

我得到了回复

< HTTP/1.1 200 OK
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Origin: *
< Cache-Control: max-age=300
< Date: Fri, 05 Feb 2016 00:36:06 GMT
< Expires: Fri, 05 Feb 2016 00:41:06 GMT
< X-Powered-By: Express
< Content-Length: 35
< Connection: keep-alive

< HTTP/1.1 200 OK
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Origin: my.local
< Access-Control-Allow-Origin: *
< Cache-Control: max-age=300
< Date: Fri, 05 Feb 2016 00:36:17 GMT
< Expires: Fri, 05 Feb 2016 00:41:17 GMT
< X-Powered-By: Express
< Content-Length: 35
< Connection: keep-alive

---

它添加了两个

访问控制允许原点

，这将阻止任何请求

在cors js中可能是remove origin:true或set false那么你的意思是在Express中关闭cors，在Nginx中保持打开状态？是的，值得一试我想我尝试过从Express中删除，但仍然看到了双标题。