今天设置静态资源服务器时发现
Font from origin 'http://start.fbzl.org' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://lib.fbzl.org' is therefore not allowed access.
这里我给静态资源单独设置了一个域名,其它页面调用时发生了跨越权限问题。
Nginx 解决办法:
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Headers X-Requested-With;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
将这段代码添加到 http{}
或者静态资源对应的 server{}
中
如果只为自己的网站使用可以将第一行代码的星号改为自己的域名,例如 *.fbzl.org
参考资料
https://www.w3.org/TR/cors/#access-control-allow-methods-response-header