Cross-domain access configuration and CORS protocol support guide for setting up Nginx server-Nginx-php.cn

Home

Operation and Maintenance

Nginx

Cross-domain access configuration and CORS protocol support guide for setting up Nginx server

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Aug 04, 2023 pm 10:57 PM

nginx cors Cross-domain access

Nginx cross-domain access configuration and CORS protocol support guide for building a server

Introduction:
In current web application development, cross-domain requests have become a common requirement. To ensure security, browsers restrict cross-domain operations through AJAX requests by default. The CORS (Cross-Origin Resource Sharing) protocol provides developers with a reliable solution to achieve controllable authorization of cross-domain access.

Nginx is a high-performance web server and reverse proxy server. This article will introduce how to use Nginx to build the server's cross-domain access configuration and CORS protocol support.

Configuring cross-domain access to the server
In order to authorize access from other domain names, we first need to add cross-domain access configuration to the Nginx configuration file. Open the Nginx configuration file (usually /etc/nginx/nginx.conf) and add the following configuration in the http section:

http {
    ...
    
    # 允许跨域访问
    add_header Access-Control-Allow-Origin *;
    add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
    add_header Access-Control-Allow-Headers 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
    add_header Access-Control-Expose-Headers 'Content-Length,Content-Range';
}

Copy after login

The above configuration allows access from all domain names (*) and supports GET, POST, OPTIONS methods. At the same time, we also specify some common request header information.

After saving and exiting the configuration file, reload the Nginx configuration to make it effective:

$ sudo nginx -s reload

Copy after login

Configure CORS protocol support
After adding the cross-domain access configuration to the server, we Support for the CORS protocol can also be configured in a more fine-grained manner. The following is an example configuration that only allows cross-domain access to specified domain names:

http {
    ...
    
    # 配置CORS
    map $http_origin $allowed_origin {
        default "";
        ~^https?://(www.)?example.com$ $http_origin;
        ~^https?://(www.)?example.net$ $http_origin;
    }
    
    server {
        ...
        
        location / {
            if ($allowed_origin != "") {
                add_header 'Access-Control-Allow-Origin' $allowed_origin;
                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
                add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
                add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
            }
            
            ...
        }
    }
}

Copy after login

In the above configuration, we use the map directive to define a $allowed_originVariable, used to store domain names that allow cross-domain access. location / is configured in the server block, and the if directive is used to determine whether the domain name of the current request source is in the allowed list. If so, add the corresponding CORS header information. In addition, we can also add more rules according to our needs.

Preflight of CORS requests
In some cases, cross-domain requests require preflight operations. For example, when custom request header information or non-simple requests (such as PUT, DELETE, etc.) are used. A preflight request is an OPTIONS request sent before the actual request to obtain the server's authorization for the actual request.

In order to support preflight requests, we only need to add the following configuration in the location / block:

location / {
    ...
    
    if ($request_method = 'OPTIONS') {
        add_header 'Access-Control-Allow-Origin' $allowed_origin;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
        add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';

        return 204;
    }
    
    ...
}

Copy after login

In the above configuration, when the request method is OPTIONS, we return 204 (No Content) and add CORS header information.

Conclusion:
Through the above configuration, we can easily build the server's cross-domain access configuration and CORS protocol support. Whether it is a simple cross-domain request or a complex preflight request, Nginx can provide flexible and reliable solutions.

References:

[Nginx official documentation](https://nginx.org/en/docs/)
[CORS official documentation](https ://developer.mozilla.org/en-US/docs/Web/HTTP/CORS)

The above is the detailed content of Cross-domain access configuration and CORS protocol support guide for setting up Nginx server. For more information, please follow other related articles on the PHP Chinese website!

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Assassin's Creed Shadows: Seashell Riddle Solution

3 weeks ago By DDD

What's New in Windows 11 KB5054979 & How to Fix Update Issues

2 weeks ago By DDD

Where to find the Crane Control Keycard in Atomfall

3 weeks ago By DDD

Roblox: Dead Rails - How To Complete Every Challenge

4 weeks ago By DDD

Atomfall guide: item locations, quest guides, and tips

1 months ago By DDD

Hot Tools

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Hot Topics

Where is the login entrance for gmail email?

7677

CakePHP Tutorial

1393

C# Tutorial

1207

What is the format of the account name of steam

win11 activation key permanent

Related knowledge

How to configure cloud server domain name in nginx Apr 14, 2025 pm 12:18 PM

How to configure an Nginx domain name on a cloud server: Create an A record pointing to the public IP address of the cloud server. Add virtual host blocks in the Nginx configuration file, specifying the listening port, domain name, and website root directory. Restart Nginx to apply the changes. Access the domain name test configuration. Other notes: Install the SSL certificate to enable HTTPS, ensure that the firewall allows port 80 traffic, and wait for DNS resolution to take effect.

How to check whether nginx is started Apr 14, 2025 pm 01:03 PM

How to confirm whether Nginx is started: 1. Use the command line: systemctl status nginx (Linux/Unix), netstat -ano | findstr 80 (Windows); 2. Check whether port 80 is open; 3. Check the Nginx startup message in the system log; 4. Use third-party tools, such as Nagios, Zabbix, and Icinga.

How to check the name of the docker container Apr 15, 2025 pm 12:21 PM

You can query the Docker container name by following the steps: List all containers (docker ps). Filter the container list (using the grep command). Gets the container name (located in the "NAMES" column).

How to check nginx version Apr 14, 2025 am 11:57 AM

The methods that can query the Nginx version are: use the nginx -v command; view the version directive in the nginx.conf file; open the Nginx error page and view the page title.

How to start nginx server Apr 14, 2025 pm 12:27 PM

Starting an Nginx server requires different steps according to different operating systems: Linux/Unix system: Install the Nginx package (for example, using apt-get or yum). Use systemctl to start an Nginx service (for example, sudo systemctl start nginx). Windows system: Download and install Windows binary files. Start Nginx using the nginx.exe executable (for example, nginx.exe -c conf\nginx.conf). No matter which operating system you use, you can access the server IP

How to configure nginx in Windows Apr 14, 2025 pm 12:57 PM

How to configure Nginx in Windows? Install Nginx and create a virtual host configuration. Modify the main configuration file and include the virtual host configuration. Start or reload Nginx. Test the configuration and view the website. Selectively enable SSL and configure SSL certificates. Selectively set the firewall to allow port 80 and 443 traffic.

How to create containers for docker Apr 15, 2025 pm 12:18 PM

Create a container in Docker: 1. Pull the image: docker pull [mirror name] 2. Create a container: docker run [Options] [mirror name] [Command] 3. Start the container: docker start [Container name]

How to start containers by docker Apr 15, 2025 pm 12:27 PM

Docker container startup steps: Pull the container image: Run "docker pull [mirror name]". Create a container: Use "docker create [options] [mirror name] [commands and parameters]". Start the container: Execute "docker start [Container name or ID]". Check container status: Verify that the container is running with "docker ps".

See all articles