Access-Control-Allow-Origin 解决跨域权限问题

今天设置静态资源服务器时发现

Font from origin 'http://start.fbzl.org' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://lib.fbzl.org' is therefore not allowed access.

这里我给静态资源单独设置了一个域名,其它页面调用时发生了跨越权限问题。

Nginx 解决办法:

add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Headers X-Requested-With;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;

将这段代码添加到 http{} 或者静态资源对应的 server{}

如果只为自己的网站使用可以将第一行代码的星号改为自己的域名,例如 *.fbzl.org

参考资料

https://www.w3.org/TR/cors/#access-control-allow-methods-response-header

除非注明, 风波竹林 文章均为原创,转载请以链接形式标明本文地址
本文地址: https://blog.fbzl.org/access-control-allow-origin-解决跨域权限问题/

发表回复