gpt4 book ai didi

Nginx 使用带有凭据的 CORS

转载 作者:行者123 更新时间:2023-12-01 21:23:46 24 4
gpt4 key购买 nike

我正在构建一个通过 Nginx 服务器与 Laravell API 通信的 Web 应用程序。我尝试按照 Nginx 网站上的说明进行操作 wide open cors ,但它不喜欢发送凭据时的通配符响应。

Access to fetch at 'https://api.***.com/' from origin 'http://localhost:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '' when the request's credentials mode is 'include'.

API 服务器需要 Bearer 访问 token 进行身份验证,并且每个端点都位于服务器上自己的路径上。在这种情况下,正确配置 Nginx 的方法是什么?

最佳答案

错误信息是正确的,你不能使用通配符来源凭证:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin

For requests without credentials, the literal value "*" can be specified, as a wildcard; the value tells browsers to allow requesting code from any origin to access the resource. Attempting to use the wildcard with credentials will result in an error.

相反,只需传回实际来源,即到达 Origin HTTP header 的来源,那么它将始终匹配:

add_header Access-Control-Allow-Origin $http_origin always;

关于Nginx 使用带有凭据的 CORS,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/63400059/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com