run produccion para nodejs node configurar con node.js nginx cors reverse-proxy

node.js - produccion - ¿Cómo habilitar CORS en el servidor proxy Nginx?



node js production server (1)

El problema es que su condición if no va a enviar los encabezados en el padre en / . Si comprueba los encabezados de respuesta de verificación previa sería

HTTP/1.1 204 No Content Server: nginx/1.13.3 Date: Fri, 01 Sep 2017 05:24:04 GMT Connection: keep-alive Access-Control-Max-Age: 1728000 Content-Type: text/plain charset=UTF-8 Content-Length: 0

Y eso no da nada. Entonces dos posibles soluciones para ti. Copie el add_header dentro si el bloqueo también

server { listen 80; server_name api.localhost; location / { add_header ''Access-Control-Allow-Origin'' ''http://api.localhost''; add_header ''Access-Control-Allow_Credentials'' ''true''; add_header ''Access-Control-Allow-Headers'' ''Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range''; add_header ''Access-Control-Allow-Methods'' ''GET,POST,OPTIONS,PUT,DELETE,PATCH''; if ($request_method = ''OPTIONS'') { add_header ''Access-Control-Allow-Origin'' ''http://api.localhost''; add_header ''Access-Control-Allow_Credentials'' ''true''; add_header ''Access-Control-Allow-Headers'' ''Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range''; add_header ''Access-Control-Allow-Methods'' ''GET,POST,OPTIONS,PUT,DELETE,PATCH''; add_header ''Access-Control-Max-Age'' 1728000; add_header ''Content-Type'' ''text/plain charset=UTF-8''; add_header ''Content-Length'' 0; return 204; } proxy_redirect off; proxy_set_header host $host; proxy_set_header X-real-ip $remote_addr; proxy_set_header X-forward-for $proxy_add_x_forwarded_for; proxy_pass http://127.0.0.1:3000; } }

O puede moverlo fuera del bloque de ubicación, por lo que cada solicitud tiene la respuesta

server { listen 80; server_name api.localhost; add_header ''Access-Control-Allow-Origin'' ''http://api.localhost''; add_header ''Access-Control-Allow_Credentials'' ''true''; add_header ''Access-Control-Allow-Headers'' ''Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range''; add_header ''Access-Control-Allow-Methods'' ''GET,POST,OPTIONS,PUT,DELETE,PATCH''; location / { if ($request_method = ''OPTIONS'') { add_header ''Access-Control-Max-Age'' 1728000; add_header ''Content-Type'' ''text/plain charset=UTF-8''; add_header ''Content-Length'' 0; return 204; } proxy_redirect off; proxy_set_header host $host; proxy_set_header X-real-ip $remote_addr; proxy_set_header X-forward-for $proxy_add_x_forwarded_for; proxy_pass http://127.0.0.1:3000; } }

Si solo quieres permitir ciertas ubicaciones en tu configuración para CORS. como /api entonces deberías crear una plantilla conf con tus encabezados

add_header ''Access-Control-Allow-Origin'' ''http://api.localhost''; add_header ''Access-Control-Allow_Credentials'' ''true''; add_header ''Access-Control-Allow-Headers'' ''Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range''; add_header ''Access-Control-Allow-Methods'' ''GET,POST,OPTIONS,PUT,DELETE,PATCH'';

y luego usa

include conf.d/corsheaders.conf;

en tu bloque de OPTIONS y bloque /api . Entonces CORS solo está permitido para /api . Si no le importa qué ubicación para CORS, puede utilizar el segundo enfoque de mover los encabezados de núcleo al bloque de servidor

Como mi título, aquí está el archivo de configuración ubicado en conf.d / api-server.conf

server { listen 80; server_name api.localhost; location / { add_header ''Access-Control-Allow-Origin'' ''http://api.localhost''; add_header ''Access-Control-Allow_Credentials'' ''true''; add_header ''Access-Control-Allow-Headers'' ''Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range''; add_header ''Access-Control-Allow-Methods'' ''GET,POST,OPTIONS,PUT,DELETE,PATCH''; if ($request_method = ''OPTIONS'') { add_header ''Access-Control-Max-Age'' 1728000; add_header ''Content-Type'' ''text/plain charset=UTF-8''; add_header ''Content-Length'' 0; return 204; } proxy_redirect off; proxy_set_header host $host; proxy_set_header X-real-ip $remote_addr; proxy_set_header X-forward-for $proxy_add_x_forwarded_for; proxy_pass http://127.0.0.1:3000; } }

El archivo nginx.conf permanece igual que el predeterminado.

Después de enviar la solicitud a api.localhost (api.localhost / admin / login), sigo recibiendo el error 405:

XMLHttpRequest cannot load http://api.localhost/admin/login. Response to preflight request doesn''t pass access control check: No ''Access- Control-Allow-Origin'' header is present on the requested resource. Origin ''http://admin.localhost:3000'' is therefore not allowed access. The response had HTTP status code 405.