server {
listen 80;
server_name localhost;
add_header 'Access-Control-Allow-Origin' $http_origin always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,X-Requested-With' always;
add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS' always;
if ( $request_method = 'OPTIONS' ) {
return 204;
}
//......
}
注意,当’Access-Control-Allow-Credentials’ 'true’的时候,Access-Control-Allow-Origin不可以为*,因为*不允许发送cookie,必须为请求者的Origin header