“跨域出错500”的版本间的差异
跳到导航
跳到搜索
(→进阶) |
(→2020) |
||
(未显示同一用户的2个中间版本) | |||
第61行: | 第61行: | ||
=跨域nginx相关的配置= | =跨域nginx相关的配置= | ||
<pre> | <pre> | ||
+ | |||
+ | |||
+ | #evan 下载站 Sat 07 Nov 2020 04:32:11 PM CST | ||
+ | |||
+ | location / { | ||
+ | autoindex on; | ||
+ | autoindex_exact_size on; | ||
+ | autoindex_localtime on; | ||
+ | |||
+ | #evan | ||
+ | add_header Access-Control-Allow-Origin $http_origin; | ||
+ | add_header Access-Control-Allow-Headers *; | ||
+ | add_header Access-Control-Allow-Methods GET,POST,OPTIONS,HEAD,PUT; | ||
+ | if ( $request_method = 'OPTIONS' ) { | ||
+ | add_header Access-Control-Allow-Origin $http_origin; | ||
+ | add_header Access-Control-Allow-Headers *; | ||
+ | add_header Access-Control-Allow-Methods GET,POST,OPTIONS,HEAD,PUT; | ||
+ | add_header Access-Control-Allow-Credentials true; | ||
+ | return 204; | ||
+ | } | ||
+ | #evan | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
跨域相关的配置,主要是下面这部分 完整例子见下面 | 跨域相关的配置,主要是下面这部分 完整例子见下面 | ||
第173行: | 第200行: | ||
add_header Access-Control-Allow-Headers X-Data-Type,X-Auth-Token; | add_header Access-Control-Allow-Headers X-Data-Type,X-Auth-Token; | ||
} | } | ||
+ | |||
+ | ## Jun 19 2024 ,Tenantid'; 特别的 Tenant | ||
+ | |||
+ | add_header Access-Control-Allow-Origin $http_origin always; | ||
+ | add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS'; | ||
+ | add_header Access-Control-Allow-Headers 'X-Forwarded-For,cert,sign,time,ukey_token,Locale,Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With,userId,token,Tenantid'; | ||
+ | add_header 'Access-Control-Allow-Credentials' 'true'; | ||
+ | |||
+ | |||
#### | #### |
2024年6月19日 (三) 11:10的最新版本
今天 就遇到程序小哥说什么 跨域出错-500
目录
HTTP 循环中的 500 错误
任何客户端 ( 例如您的浏览器或我们的 CheckUpDown 机器人 ) 在和您的网络服务器通讯时,都需经过以下循环: 从您站点的 IP 名称 ( 即您的网页地址 - URL, 不带起始的 ‘http://') 获得一个 IP 地址。这个对应关系 ( 即由 IP 名称向 IP 地址转换的对应关系 ) 由域名服务器 (DNSs) 提供。 打开一个 IP socket ( 套接字 ) 连接到该 IP 地址。 通过该 socket 写 HTTP 数据流。 从您的网络服务器接受响应的 HTTP 数据流。该数据流包括状态编码, 其值取决于 HTTP 协议 。 解析 该数据流得到 状态编码 和其他有用信息。
跨域简单入门
跨域,指的是浏览器不能执行其他网站的脚本。它是由浏览器的同源策略造成的,是浏览器施加的安全限制。 所谓同源是指,域名,协议,端口均相同,不明白没关系,举个栗子: http://www.123.com/index.html 调用 http://www.123.com/server.php (非跨域) http://www.123.com/index.html 调用 http://www.456.com/server.php (主域名不同:123/456,跨域) http://abc.123.com/index.html 调用 http://def.123.com/server.php (子域名不同:abc/def,跨域) http://www.123.com:8080/index.html 调用 http://www.123.com:8081/server.php (端口不同:8080/8081,跨域) http://www.123.com/index.html 调用 https://www.123.com/server.php (协议不同:http/https,跨域) 请注意:localhost和127.0.0.1虽然都指向本机,但也属于跨域。 浏览器执行javascript脚本时,会检查这个脚本属于哪个页面,如果不是同源页面,就不会被执行。 解决办法: 1、JSONP: 使用方式就不赘述了,但是要注意JSONP只支持GET请求,不支持POST请求。 2、代理: 例如www.123.com/index.html需要调用www.456.com/server.php,可以写一个接口www.123.com/server.php,由这个接口在后端去调用www.456.com/server.php并拿到返回值,然后再返回给index.html,这就是一个代理的模式。相当于绕过了浏览器端,自然就不存在跨域问题。 3、PHP端修改header(XHR2方式) 或者nginx 在php等接口脚本中加入以下两句即可: header('Access-Control-Allow-Origin:*');//允许所有来源访问 header('Access-Control-Allow-Method:POST,GET');//允许访问的方式
跨域nginx相关的配置
#evan 下载站 Sat 07 Nov 2020 04:32:11 PM CST location / { autoindex on; autoindex_exact_size on; autoindex_localtime on; #evan add_header Access-Control-Allow-Origin $http_origin; add_header Access-Control-Allow-Headers *; add_header Access-Control-Allow-Methods GET,POST,OPTIONS,HEAD,PUT; if ( $request_method = 'OPTIONS' ) { add_header Access-Control-Allow-Origin $http_origin; add_header Access-Control-Allow-Headers *; add_header Access-Control-Allow-Methods GET,POST,OPTIONS,HEAD,PUT; add_header Access-Control-Allow-Credentials true; return 204; } #evan 跨域相关的配置,主要是下面这部分 完整例子见下面 location /aoda-web { add_header 'Access-Control-Allow-Origin' $http_origin; add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; add_header 'Access-Control-Allow-Headers' 'DNT,web-token,app-token,Authorization,Accept,Origin,Keep-Alive,User-Agent,X-Mx-ReqToken,X-Data-Type,X-Auth-Token,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; if ($request_method = 'OPTIONS') { add_header 'Access-Control-Max-Age' 1728000; add_header 'Content-Type' 'text/plain; charset=utf-8'; add_header 'Content-Length' 0; return 204; 下面简单讲解一下,以便大家配置成功! 1、Access-Control-Allow-Origin,这里使用变量 $http_origin取得当前来源域,大家说用“*”代表允许所有,我实际使用并不成功,原因未知; 2、Access-Control-Allow-Credentials,为 true 的时候指请求时可带上Cookie,自己按情况配置吧; 3、Access-Control-Allow-Methods,OPTIONS一定要有的,另外一般也就GET和POST,如果你有其它的也可加进去; 4、Access-Control-Allow-Headers,这个要注意,里面一定要包含自定义的http头字段(就是说前端请求接口时,如果在http头里加了自定义的字段,这里配置一定要写上相应的字段),从上面可看到我写的比较长,我在网上搜索一些常用的写进去了,里面有“web-token”和“app-token”,这个是我项目里前端请求时设置的,所以我在这里要写上; 5、Access-Control-Expose-Headers,可不设置,看网上大致意思是默认只能获返回头的6个基本字段,要获取其它额外的,先在这设置才能获取它; 6、语句“ if ($request_method = 'OPTIONS') { ”,因为浏览器判断是否允许跨域时会先往后端发一个 options 请求,然后根据返回的结果判断是否允许跨域请求,所以这里单独判断这个请求,然后直接返回; 好了,按我上面配置基本都可使用(有些朋友确定只百度复制了两行,然后说配置好了,跟前端朋友互扯) cailuw-market 加在ng 主配置文件 location / { add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS'; add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization'; if ($request_method = 'OPTIONS') { return 204; } } 完整的例子 server { listen 80; server_name local-secret-payroll.net; location / { add_header 'Access-Control-Allow-Origin' $http_origin; add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; add_header 'Access-Control-Allow-Headers' 'DNT,web-token,app-token,Authorization,Accept,Origin,Keep-Alive,User-Agent,X-Mx-ReqToken,X-Data-Type,X-Auth-Token,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; if ($request_method = 'OPTIONS') { add_header 'Access-Control-Max-Age' 1728000; add_header 'Content-Type' 'text/plain; charset=utf-8'; add_header 'Content-Length' 0; return 204; ### } proxy_pass http://192.168.11.242:80; #转发地址:端口 proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } location /salary{ proxy_set_header Host api.net:9011; proxy_pass http://api.com:9011/salary/; } }
我也说说Nginx解决前端跨域问题,正确的Nginx跨域配置(后端Nginx CORS跨域配置、CORS设置,后端允许跨域请求)
Nginx配置跨域请求 Access-Control-Allow-Origin
lx
2020
location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://apiconch; ## add_header Access-Control-Allow-Origin *; #add_header Access-Control-Allow-Origin $http_origin; add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS'; add_header Access-Control-Allow-Headers 'access-token,cert,sign,time,ukey_token,Locale,Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E5M-With,userId,token,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization'; add_header 'Access-Control-Allow-Credentials' 'true'; if ( $request_method = 'OPTIONS' ) { add_header Access-Control-Allow-Origin $http_origin; add_header Access-Control-Allow-Headers 'access-token,cert,sign,time,ukey_token,Locale,Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With,userId,token'; add_header Access-Control-Allow-Methods GET,POST,OPTIONS,HEAD,PUT; add_header Access-Control-Allow-Credentials true; add_header Access-Control-Allow-Headers X-Data-Type,X-Auth-Token; } ## Jun 19 2024 ,Tenantid'; 特别的 Tenant add_header Access-Control-Allow-Origin $http_origin always; add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS'; add_header Access-Control-Allow-Headers 'X-Forwarded-For,cert,sign,time,ukey_token,Locale,Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With,userId,token,Tenantid'; add_header 'Access-Control-Allow-Credentials' 'true'; ####
### file vm proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS'; add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization'; if ( $request_method = 'OPTIONS' ) { add_header Access-Control-Allow-Origin $http_origin; add_header Access-Control-Allow-Headers Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,X-Data-Type,X-Requested-With; add_header Access-Control-Allow-Methods GET,POST,OPTIONS,HEAD,PUT; add_header Access-Control-Allow-Credentials true; add_header Access-Control-Allow-Headers X-Data-Type,X-Auth-Token; } ####file # Mon Sep 2 18:34:59 CST 2019 add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS'; add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization'; if ( $request_method = 'OPTIONS' ) { add_header Access-Control-Allow-Origin $http_origin; add_header Access-Control-Allow-Headers Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,X-Data-Type,X-Requested-With; add_header Access-Control-Allow-Methods GET,POST,OPTIONS,HEAD,PUT; add_header Access-Control-Allow-Credentials true; add_header Access-Control-Allow-Headers X-Data-Type,X-Auth-Token; } location / { if ($request_method = 'OPTIONS') { add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; # # Custom headers and headers various browsers *should* be OK with but aren't # add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; # # Tell client that this pre-flight info is valid for 20 days # add_header 'Access-Control-Max-Age' 1728000; add_header 'Content-Type' 'text/plain; charset=utf-8'; add_header 'Content-Length' 0; return 204; } if ($request_method = 'POST') { add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; } if ($request_method = 'GET') { add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; } }
has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header
see also
AJAX跨域请求,jquery ajax跨域报500,解决ajax跨域的解决办法
jquery ajax 访问webservice 报错:500 Internal Server Error
http跨域请求过程发出两次请求options请求,修改请求头未生效
进阶
nginx 配置add_header 'Access-Control-Allow-Origin' '*' 依然存在跨域问题
跨域问题Access to XMLHttpRequest'*'from origin '*' has been blocked by CORS..Access-Control-Allow-Origin
解决跨域问题 has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present