目前,我已经在我的Apache服务器上完美地使用了这些.htaccess规则:
Presently I have these .htaccess rules working perfectly on my Apache server:
<IfModule mod_headers.c> SetEnvIf Origin "(www\.)?(domain|beta.domain|domain.loc)$" AccessControlAllowOrigin=$0 Header set Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin Header set Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, X-CSRF-Token, X-XSRF-TOKEN" Header set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" Header set Access-Control-Allow-Credentials true </IfModule> <IfModule mod_rewrite.c> RewriteCond %{HTTP:Authorization} . RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] </IfModule>最近切换到Nginx的决定要求我们实施相同的操作.我仍然对它的内部了解不多,确实需要帮助将其转换为它的nginx配置副本.
Recent decision to switch to nginx requires us to implement the same. I'm still getting a hang of its internals and really need help converting this into its nginx config counterpart.
到目前为止,我尝试过的操作:
server { listen 80; listen [::]:80; listen 443 ssl http2; listen [::]:443 ssl http2; include snippets/self-signed.conf; include snippets/ssl-params.conf; server_name api.mydomain.loc; root /var/www/mydomain/api/public; index index.html index.htm index.php; location / { if ($http_origin ~* (www\.)?(mydomain.loc)) { add_header Access-Control-Allow-Origin $http_origin; add_header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, X-CSRF-Token, X-XSRF-TOKEN"; add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"; add_header Access-Control-Allow-Credentials true; } if ($request_method = 'OPTIONS') { add_header 'Access-Control-Max-Age' 1728000; add_header 'Content-Type' 'text/plain charset=UTF-8'; add_header 'Content-Length' 0; return 204; } try_files $uri $uri/ /index.php$is_args$args; } location ~ \.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } location ~ /\.ht { deny all; } }我们将不胜感激.
推荐答案问题中与Apache配置最简单的nginx等效项是,只需使用add_header并将其全部包装在执行正则表达式的if块中与$http_origin匹配:
The simplest nginx equivalent of the Apache config in the question would be, just use add_header and wrap it all in anif block that does a regex match against $http_origin:
location / { if ($http_origin ~* (www\.)?(domain|beta.domain|domain.loc)) { add_header Access-Control-Allow-Origin $http_origin; add_header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, X-CSRF-Token, X-XSRF-TOKEN"; add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" add_header Access-Control-Allow-Credentials true } # use $http_authorization to get the value of the Authorization request header }nginx不需要您使用Apache进行的其他RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]操作;只需使用$http_authorization.
The extra RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] stuff that you need to do with Apache isn’t necessary with nginx; instead just use $http_authorization.
请注意,nginx中变量的变量以为前缀a>是特殊变量:
Note that variables in nginx that have names prefixed with $http_ are special variables:
$http_name 任意请求标头字段;变量名称的最后一部分是字段名称 转换为小写字母,并用下划线代替了短划线
$http_name arbitrary request header field; the last part of a variable name is the field name converted to lower case with dashes replaced by underscores
因此$http_origin为您提供Origin请求标头的值,$http_authorization为您提供Authorization请求标头的值,等等.
Thus $http_origin gives you the value of the Origin request header, $http_authorization gives you the value of the Authorization request header, etc.
更多推荐
CORS规定了从Apache .htaccess到nginx的覆盖范围
发布评论