Nginx作为静态资源web服务_跨站访问

版权声明：本文为博主原创文章，未经博主允许不得转载。 https://blog.csdn.net/longgeqiaojie304/article/details/85041987

Nginx作为静态资源web服务_跨站访问

1、跨域访问

    

    浏览器同时访问多个域名

 

2、为什么浏览器禁止跨域访问？

       不安全，容易出现CSRF攻击！

 

如果黑客控制的网站B在响应头里添加了让客户端去访问网站A的恶意信息，就会出现CSRF攻击

 

3、Nginx如何配置跨域访问

（1）add_header语法

Syntax:add_header name value [always];
Default:—

Context:http, server, location, if in location

 

语法解释：

add_header name value [always];

name 表示响应头返回的key

value 表示响应头返回的key对应的value

Adds the specified field to a response header provided that the response code equals 200, 201 (1.3.10), 204, 206, 301, 302, 303, 304, 307 (1.1.16, 1.0.13), or 308 (1.13.0). The value can contain variables.

There could be several add_header directives. These directives are inherited from the previous level if and only if there are no add_header directives defined on the current level.

If the always parameter is specified (1.7.5), the header field will be added regardless of the response code.

 

（2）add_header跨域配置

location / {

              proxy_pass http://localhost:8081/;

              add_header Access-Control-Allow-Methods *;

              add_header Access-Control-Max-Age 600;

              add_header Access-Control-Allow-Credentials true;

             

              add_header Access-Control-Allow-Origin $http_origin;

              add_header Access-Control-Allow-Headers

              $http_access_control_request_headers;

             

              if ($request_method = OPTIONS){

                     return 200;

              }

    }