if ($http_origin = '')Įrror_log /var/log/nginx/ error įastcgi_split_path_info ^(.+\.php)(/.+)$ įastcgi_pass unix:/var/run/php5-fpm. If you're using Access-Control-Allow-Credentials with your CORS request you'll want the cors header wiring within your location to resemble this.Īs the origin has to match the client domain, wildcard doesn't work. The value of this header is a comma-ĭelimited list of response headers you want to expose to the client. If you want clients to be able to access other headers, you have to use theĪccess-Control-Expose-Headers header. The server address is still website1 when the process is over. 3) Javascript uses ajax to get the html in website2 that is not allowed access, it uses the method GET. 2) The PHP file dies an html webpage which includes javascript files in website2. Simple response headers are defined as follows: How this webpage is getting requested is by: 1) Accessing a PHP file of website1. During a CORS request, the getResponseHeader() method can only access GetResponseHeader() method that returns the value of a particular response Access-Control-Expose-Headers (optional) - The XMLHttpRequest 2 object has a nginx config to enable CORS with origin matching Ask Question Asked 4 years, 11 months ago Modified 1 year, 11 months ago Viewed 29k times 15 I've tried to use a very popular config for nginx, which enables CORS and supports origin matching using regular expressions. You may also wish to add Access-Control-Expose-Headers (in the same format as Access-Control-Allow-Headers) in order to expose your custom and/or 'non-simple' headers to ajax requests. # Tell client that this pre-flight info is valid for 20 daysĪdd_header 'Access-Control-Max-Age' 1728000 Īdd_header 'Content-Type' 'text/plain charset=UTF-8' # Custom headers and headers various browsers *should* be OK with but aren'tĪdd_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type' Add_header 'Access-Control-Allow-Origin' '*' Īdd_header 'Access-Control-Allow-Credentials' 'true' Īdd_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |