[英]How to set the value of the Access-Control-Allow-Origin header based on a list of allowed origins?
I have read quite a lot of posts but none of them worked though.我已经阅读了很多帖子,但它们都没有奏效。
I have ec2 setup in aws installed with ubuntu 16.04 and nginx.我在安装了 ubuntu 16.04 和 nginx 的 aws 中安装了 ec2。 went into the
site-available
/ site-enabled
to 'Access-Control-Allow-Origin'
allowing one domain access, but how can I add more than one domain access?进入
site-available
/ site-enabled
以'Access-Control-Allow-Origin'
允许一个域访问,但如何添加多个域访问?
I would get multiple values error if I add more than one accress.如果我添加一个以上的访问,我会得到多个值错误。 Lots posts are about php such as
很多帖子都是关于 php 的,例如
NGINX 'Access-Control-Allow-Origin' header contains multiple values NGINX 'Access-Control-Allow-Origin' 标头包含多个值
even though I am not using php but I have tried using the code above but does not work though.即使我没有使用 php,但我已经尝试使用上面的代码,但不起作用。
is anyone able to give me a hand or direct me how this can be done on server?有没有人可以帮我或指导我如何在服务器上完成?
Thanks in advance.提前致谢。
You can conditionally cause the Access-Control-Allow-Origin
response header to be sent, with the right value, by adding something like the following to your nginx config.您可以通过在 nginx 配置中添加类似以下内容,有条件
Access-Control-Allow-Origin
使用正确的值发送Access-Control-Allow-Origin
响应标头。
location / {
set $is_allowed_origin "";
if ($http_origin = "https://some.allowed.origin") {
set $is_allowed_origin "true";
}
if ($http_origin = "https://another.allowed.origin") {
set $is_allowed_origin "true";
}
if ($is_allowed_origin = "true") {
add_header "Access-Control-Allow-Origin" "$http_origin";
}
}
That'll cause Access-Control-Allow-Origin: https://some.allowed.origin
to be sent if the value of the Origin
request header in the request is https://some.allowed.origin
, and will cause Access-Control-Allow-Origin: https://another.allowed.origin
to be sent if the Origin
is https://another.allowed.origin
, etc.如果请求中的
Origin
请求标头的值为https://some.allowed.origin
,则会导致Access-Control-Allow-Origin: https://some.allowed.origin
被发送,并且会导致Access-Control-Allow-Origin: https://another.allowed.origin
如果Origin
是https://another.allowed.origin
,则发送https://another.allowed.origin
等。
And if the value of the Origin
request header is neither https://some.allowed.origin
or https://another.allowed.origin
, then no Access-Control-Allow-Origin
would be sent.如果
Origin
请求标头的值既不是https://some.allowed.origin
也不是https://another.allowed.origin
,则不会发送Access-Control-Allow-Origin
。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.