webman最新版资源文件放在pubic下面别的网站请求访问下载会跨域

晚安。

问题描述

请问下这个问题要怎么处理下

Access to XMLHttpRequest at 'https://api.aaa.com/down_zip/20240525121035561765516.zip' from origin 'https://www.pppp.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

反向代理配置

#PROXY-START/

location ^~ /
{
    proxy_pass http://127.0.0.1:1300;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_http_version 1.1;
    # proxy_hide_header Upgrade;

    add_header Access-Control-Allow-Origin "*";
    add_header Access-Control-Allow-Methods "*";
    add_header Access-Control-Allow-Headers "authorization, token";
    add_header X-Cache $upstream_cache_status;
    #Set Nginx Cache

    set $static_filevO5uJYW3 0;
    if ( $uri ~* "\.(gif|png|jpg|css|js|woff|woff2)$" )
    {
        set $static_filevO5uJYW3 1;
        expires 1m;
    }
    if ( $static_filevO5uJYW3 = 0 )
    {
        add_header Cache-Control no-cache;
    }
}
#PROXY-END/
432 1 0
1个回答

latin

静态资源一般都走的nginx,是否跨域与webman已经没有关系了,需要nginx里配置跨域头,并重启nginx。
如果还是提示 No 'Access-Control-Allow-Origin' header is present 那就是nginx哪里没设置对或冲突了

  • 晚安。 2024-05-25

    nginx已经配置了 上面发了

  • latin 2024-05-25

    就像我上面说的nginx哪里没设置对或冲突了,比如走了其它地方设置了规则,没走 location ^~ /

  • 晚安。 2024-05-25

    能帮我看下吗 需要我发哪里的配置

  • 晚安。 2024-05-25

    zip后缀的就会提示跨域,png,jpg的就不会提示

  • laozhong 10天前

    NGINX:

        add_header 'Access-Control-Allow-Credentials' 'true';
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' '*';
        add_header 'Access-Control-Allow-Headers' '*';

    app\middleware\AccessControl::process:

        // 如果是options请求则返回一个空响应,否则继续向洋葱芯穿越,并得到一个响应
       $response = $request->method() == 'OPTIONS' ? response('') : $handler($request);
        // 给响应添加跨域相关的http头
        // $response->withHeaders([
        //     'Access-Control-Allow-Credentials' => 'true',
        //     'Access-Control-Allow-Origin' => $request->header('origin', '*'),
        //     'Access-Control-Allow-Methods' => $request->header('access-control-request-method', '*'),
        //     'Access-Control-Allow-Headers' => $request->header('access-control-request-headers', '*'),
        // ]);
    
        return $response;
×
🔝