nginx之cors

方法一：

server {
    listen       80;
    server_name  www.fuwo1.com;
    root         /usr/share/nginx/html;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    location / {
    }
	location /static/ {
	add_header Access-Control-Allow-Origin *;
	rewrite ^(.*)$ http://static.fuwo1.com$1 permanent;
	}

    error_page 404 /404.html;
        location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
        location = /50x.html {
    }

}


server {
	listen 80;
	server_name static.fuwo1.com;
	root /usr/share/nginx/html/;
	location /static/ {
		add_header Access-Control-Allow-Origin *;
	#	rewrite ^(.*)$ http://static.fuwo1.com$1 permanent;
		expires 365d;
	}
	rewrite /crossdomain.xml /static/crossdomain.xml;
}

方法二

https://my.oschina.net/u/260715/blog/796673

方法三

# vi /etc/nginx/conf.d/cors.txt

#if ($http_origin ~* "http[s]?://.*?\.test\.com") {
#if ($http_origin ~* "http://sc.test.com") {
#if ($http_origin ~* "*") {
#    set $cors_header_origin $http_origin;
#}
set $cors_header_origin '*';
set $cors_header_methods 'GET, POST, PUT, DELETE, OPTIONS';
set $cors_header_headers 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,token,Origin,Authorization,Accept';
set $cors_header_credentials 'true';
set $cors_header_max_age 1728000;

if ($request_method = 'OPTIONS') {
    add_header 'Access-Control-Allow-Origin' $cors_header_origin;
    add_header 'Access-Control-Allow-Methods' $cors_header_methods;
    add_header 'Access-Control-Allow-Headers' $cors_header_headers;
    add_header 'Access-Control-Allow-Credentials' $cors_header_credentials;
    add_header 'Access-Control-Max-Age' $cors_header_max_age;

    add_header 'Content-Type' 'text/plain charset=UTF-8';
    add_header 'Content-Length' 0;
    return 204;
}
if ($request_method = 'POST') {
    add_header 'Access-Control-Allow-Origin' $cors_header_origin;
    add_header 'Access-Control-Allow-Methods' $cors_header_methods;
    add_header 'Access-Control-Allow-Headers' $cors_header_headers;
    add_header 'Access-Control-Allow-Credentials' $cors_header_credentials;
    add_header 'Access-Control-Allow-Headers' $cors_header_headers;
}
if ($request_method = 'GET') {
    add_header 'Access-Control-Allow-Origin' $cors_header_origin;
    add_header 'Access-Control-Allow-Methods' $cors_header_methods;
    add_header 'Access-Control-Allow-Headers' $cors_header_headers;
    add_header 'Access-Control-Allow-Credentials' $cors_header_credentials;
    add_header 'Access-Control-Allow-Headers' $cors_header_headers;
}