0

我有一个留在cloudflare后面的apache代理

这是场景

世界 -> Cloudflare Https -> Apache -> PHP

世界 -> Cloudflare Https -> Apache/Proxy -> NodeJS

在我的 apache 中,我把这个配置

<VirtualHost *:443>
            ServerAdmin webmaster@localhost
            ServerName  mydomain.com
            ServerAlias www.mydomain.com
            DocumentRoot /var/www/mydomain
            RewriteEngine On
           
            Header set Access-Control-Allow-Origin "*"
            Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
            Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
            <Directory /var/www/mydomain>
                    Options Indexes FollowSymLinks MultiViews
                    AllowOverride All
                    Order allow,deny
                    allow from all
                    Header set Access-Control-Allow-Origin "*"
                    Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
                    Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"

            </Directory>
        

            LogLevel debug


            ErrorLog ${APACHE_LOG_DIR}/mydomain-error.log
            CustomLog ${APACHE_LOG_DIR}/mydomain-access.log combined
            SSLEngine on
            SSLCertificateFile /var/www/ssl/crt/mydomain/primary.crt
            SSLCertificateKeyFile /var/www/ssl/crt/mydomain/private.key
</VirtualHost>

但是当从任何域调用 API 时,chrome 和 firefox 上的 cors 总是返回错误

推荐人政策:strict-origin-when-cross-origin

4

1 回答 1

3

我找到了问题的解决方案

第 1 部分:添加到 apache 配置,

你的关键解决方案总是设置好

Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "OPTIONS,POST,GET,HEAD,DELETE,PUT"
Header always set Access-Control-Allow-Headers "x-requested-with,Content-Type,origin,authorization,accept,client-sent-security-token"
Header always set Access-Control-Expose-Headers "Content-Security-Policy, Location"

第 2 部分,您需要在应用程序中设置一个 OPTIONS HTTP 请求以始终返回 200

您可以使用此 apache 配置自动设置它

RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]

这解决了问题

于 2021-02-14T09:42:28.703 回答