我对此感到非常沮丧,因为我似乎无法弄清楚为什么会这样。
我有一个运行良好的 Django webapp。当我尝试更改 worker_connections 时,我开始遇到 CORS 问题。我恢复了这个号码,但仍然遇到 CORS 问题。
我的 nginx 配置如下所示
upstream backend {
#ip_hash;
#server 38.106.79.195;
server unix:/home/www/api.to/app.sock;
}
server {
server_name api.pdf.to;
client_max_body_size 10000m;
gzip_disable "msie6";
access_log off;
error_log on;
gzip_vary on;
gzip on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types application/javascript application/font-ttf ttf text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;
location /word/report.html {
alias /var/log/nginx/report.html;
}
location / {
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Max-Age' '3600' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' '*' always;
if ($request_method = OPTIONS ) {
return 200;
}
proxy_pass http://backend;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header REMOTE_ADDR $remote_addr;
proxy_read_timeout 1000; # this
}
location /static/downloads {
alias /home/www/api.to/static/downloads/;
add_header Content-disposition "attachment; filename=$1";
default_type application/octet-stream;
}
location /static/ {
alias /home/www/api.to/static/;
expires 35d;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
access_log off;
}
location /static/downloads {
alias /home/www/api.to/static/downloads/;
add_header Content-disposition "attachment; filename=$1";
default_type application/octet-stream;
}
location /static/ {
alias /home/www/api.to/static/;
expires 35d;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
access_log off;
}
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/api.pdf.to-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/api.pdf.to-0001/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
我在我的 Django 应用程序中禁用了 CORS,它工作正常,但在重新加载后它不起作用。我必须添加到我的 nginx
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Max-Age' '3600' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' '*' always;
if ($request_method = OPTIONS ) {
return 200;
}
这使得它在我将它发送到本地框时有效,但如果我将它发送到上游框(具有相同的 nginx 配置),它会给我一个 404 或 CORS 错误。
进一步推进问题后,我发布了这个问题,后来的答案也解决了这个问题。 https://superuser.com/a/1769407/535078