Perfect solution to nginx cross-domain problem Request header field x-token is not allowed by Access-Control-Allow-Headers in prefligh

Enterprise 2023-05-04 15:10:50 views: null

Access-Control-Allow-Headers

The response header Access-Control-Allow-Headers is used in the preflight request (preflight request), and lists the header information that will appear in the Access-Control-Request-Headers field of the formal request.

Simple headers, such as simple headers, Accept, Accept-Language, Content-Language, Content-Type (limited to the three MIME values ​​of application/x-www-form-urlencoded, multipart/form-data or text/plain after parsing type (excluding parameters)), they are always supported and do not need to be specifically listed in this header.

This header is required if the request contains the Access-Control-Request-Headers field.

Creator: Wu Zishan

Problems encountered:

When nginx acts as a proxy for the backend server and wants to upload files to the platform, it finds that the service has a cross-domain problem:

提示CORS :No ‘Access-Control-Allow-Origin’ header

insert image description here

First, common cross-domain configurations are configured in nginx,

add_header Access-Control-Allow-Origin * always;
add_header Access-Control-Allow-Credentials 'true';
add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS' always;
add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
After restarting nginx, the problem was solved, but another cross-domain error occurred:

“Request header field x-token is not allowed by Access-Control-Allow-Headers in preflight response.”

insert image description here

Then go to the official website to search and query, and interpret the meaning of each header. . . (long time)

Finally, according to the needs of our own services, we configure a complete set of nginx configurations that perfectly solve cross-domain problems:

	add_header 'Access-Control-Allow-Origin' '*' always;
    add_header 'Access-Control-Allow-Credentials' 'true';
    add_header 'Access-Control-Allow-Methods' 'GET, POST, PATCH, DELETE, PUT, OPTIONS';
	add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type, X-Custom-Header, Access-Control-Expose-Headers, Token, Authorization';
	add_header 'Access-Control-Allow-Headers'  '*';
    add_header 'Access-Control-Max-Age' 1728000;

Although it took a lot of time to get this, but finally solved the problem, it is still feasible.

You are welcome to refer to it, and you can also raise questions or different opinions.

Original works, please indicate the source for reprinting! !

Guess you like

Origin blog.csdn.net/Zisson_no_error/article/details/119357629
Recommended
Arc Browser for Windows 1.0 officially GA
A programmer born in the 1990s developed a video porting software and made over 7 million in less than a year. The ending was very punishing!
Ranking
1. Select Sort
Create a thread thread
3 press to play ball that reach 6
Programmation CUDA (4) : gestion de la mémoire
SpringBoot database connection pool Druid error
E Diudiu App redesign summary
4EVERLAND Hosting now supports SNS+IPFS
About HTTPS
[vue3+vite+ts+element-plu+sass] uses bug records in sass
Interpretation of HUAWEI CLOUD GaussDB (for Influx): Best Practice Data Modeling
Daily
More
2024-05-03(8)
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)
2024-04-29(5)
2024-04-28(12)
2024-04-27(29)
2024-04-26(22)
2024-04-25(32)
2024-04-24(30)

Code World

© 2018 codetd.com