I want to access a laravel 5.5 api endpoint https://foo.bar.com/api/v1.0/foo/bar
from another origin. Thus I need to allow cross origin requests. I've added the header to my nginx config. Yet my browser still complains about it not being present. This is my nginx config:
server {
listen *:443 ssl;
server_name foo.bar.com ;
ssl on;
ssl_certificate /etc/nginx/nxv_bhxwewp1idzm.crt;
ssl_certificate_key /etc/nginx/nxv_bhxwewp1idzm.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "...";
ssl_prefer_server_ciphers on;
client_max_body_size 1m;
index index.html index.htm index.php;
access_log /var/log/nginx/ssl-nxv_bhxwewp1idzm.access.log;
error_log /var/log/nginx/ssl-nxv_bhxwewp1idzm.error.log;
root /var/www/share/foo.bar.com;
location ~ ^/index\.php(/|$) {
set $path_info $fastcgi_path_info;
root /var/www/share/foo.bar.com/public/;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
try_files $uri $uri/ /index.php$is_args$args;
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
add_header 'Access-Control-Allow-Origin' '*';
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location / {
root /var/www/share/foo.bar.com/public/;
try_files $uri $uri/ /index.php$is_args$args;
autoindex off;
index index.html index.php;
add_header 'Access-Control-Allow-Origin' '*';
}
sendfile off;
}
I already took the info from the link @DigitalDrifter has posted. But it seems just adding the Access-Control-Allow-Origin
isn't enough to get it to work. Although I don't care about access methods and such. So this got the deal working:
server {
listen *:443 ssl;
server_name foo.bar.com ;
ssl on;
ssl_certificate /etc/nginx/nxv_bhxwewp1idzm.crt;
ssl_certificate_key /etc/nginx/nxv_bhxwewp1idzm.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "...";
ssl_prefer_server_ciphers on;
client_max_body_size 1m;
index index.html index.htm index.php;
access_log /var/log/nginx/ssl-nxv_bhxwewp1idzm.access.log;
error_log /var/log/nginx/ssl-nxv_bhxwewp1idzm.error.log;
root /var/www/share/foo.bar.com;
location ~ ^/index\.php(/|$) {
set $path_info $fastcgi_path_info;
root /var/www/share/foo.bar.com/public/;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
try_files $uri $uri/ /index.php$is_args$args;
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'X-Frame-Options' 'ALLOW-FROM *';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location / {
root /var/www/share/foo.bar.com/public/;
try_files $uri $uri/ /index.php$is_args$args;
autoindex off;
index index.html index.php;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'X-Frame-Options' 'ALLOW-FROM *';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
}
sendfile off;
}
add both lines into below file
/etc/nginx/sites-available/yours_conf_file
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Headers' 'Content-Type';
and restart nginx server
sudo systemctl restart nginx
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.