在NGINX对同一server.Cant有多种不同的网站重定向的请求使其工作（CORS）

Question

我想从我的网站一个设置一些请求重定向到网站乙

这是我的网站nginx的配置一个：

location /api { 

    add_header 'Access-Control-Allow-Origin' '*'; 
    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; 
    add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range'; 
    add_header 'Access-Control-Expose-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range'; 
    add_header 'Access-Control-Max-Age' 1728000; 
    add_header 'Content-Type' 'text/plain; charset=utf-8'; 

    return 301 http://site-B.dev\$request_uri; 

} 

即时得到这个错误控制台：

无法 http://site-B.dev/api/route加载：响应 预检请求未通过访问控制检查：否 “访问控制允许来源”标题存在于所请求的资源 。因此不允许访问原产地'http://site-A.dev'。

请求示例：

Request URL:http://site-A.dev/api/route 
Request Method:GET 
Status Code:301 Moved Permanently 
Remote Address:192.168.10.10:80 
Referrer Policy:no-referrer-when-downgrade 
Response Headers 
view source 
Access-Control-Allow-Headers:DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range 
Access-Control-Allow-Methods:GET, POST, OPTIONS 
Access-Control-Allow-Origin:* 
Access-Control-Expose-Headers:DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range 
Access-Control-Max-Age:1728000 
Connection:keep-alive 
Content-Length:185 
Content-Type:text/html 
Content-Type:text/plain; charset=utf-8 
Date:Tue, 17 Oct 2017 15:46:22 GMT 
Location:http://site-B.dev/api/route 
Server:nginx/1.13.3 
Request Headers 
view source 
Accept:application/json 
Accept-Encoding:gzip, deflate 
Accept-Language:pl-PL,pl;q=0.8,en-US;q=0.6,en;q=0.4 
Access-Control-Allow-Headers:X-PINGOTHER, Content-Type, Authorization, Content-Length, X-Requested-With 
Access-Control-Allow-Methods:PUT,GET,POST,DELETE,OPTIONS 
Connection:keep-alive 
Cookie:laravel_session=eyJpdiI6IjFteWJUNmNPZVhZRGZ1cVNGdXB5Ync9PSIsInZhbHVlIjoicVdGV2Q3XC9lV09MbEd3MTRyK0dYcE94R1BJbjdid3VUZDVTMVg2ZlJPT0o5aUFjYTg5UXY0c3RGc2JRYlJMVTc4eFk5bTViMGk0UmJZZUxZK2ZCeGZBPT0iLCJtYWMiOiIxMjZjNjg4ZDIwM2ZiYjc5Y2RhYmU3MjI3NTQxMmNmMTFiYWQxYWNlYzk5MWY0ZTZhYzQ5YTkyMGM0MDMzZDJlIn0%3D 
Host:dite-A.dev 
Referer:http://site-A.dev/ 
User-Agent:Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 

重定向的请求：

Request URL:http://site-B.dev/api/route 
Request Method:OPTIONS 
Status Code:200 OK 
Remote Address:192.168.10.10:80 
Referrer Policy:no-referrer-when-downgrade 
Response Headers 
view source 
Allow:GET,HEAD 
Cache-Control:no-cache, private 
Connection:keep-alive 
Content-Encoding:gzip 
Content-Type:text/html; charset=UTF-8 
Date:Tue, 17 Oct 2017 15:46:22 GMT 
Server:nginx/1.13.3 
Transfer-Encoding:chunked 
Request Headers 
view source 
Accept:*/* 
Accept-Encoding:gzip, deflate 
Accept-Language:pl-PL,pl;q=0.8,en-US;q=0.6,en;q=0.4 
Access-Control-Request-Headers:access-control-allow-headers,access-control-allow-methods 
Access-Control-Request-Method:GET 
Connection:keep-alive 
Host:site-B.dev 
Origin:http://site-A.dev 
Referer:http://site-A.dev 
User-Agent:Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 

它的奇怪，因为即时得到成功响应，但它们是空的，如果我发送请求，直接到现场-B即时得到用正确的数据正常响应。

是否有解决我的问题？这是什么问题，为什么我在控制台中有这样的错误，即使我添加Acess-Control-Allow-Origin头？

Answer 1

基于错误代码，它看起来你没有配置为处理预检要求任何设置，请求类型将OPTIONS，在你的nginx的配置中添加了类似的块来处理OPTIONS

location/{ 
    if ($request_method = 'OPTIONS') { 
     add_header 'Access-Control-Allow-Origin' '*'; 
     add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; 
     add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range'; 
     add_header 'Access-Control-Expose-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range'; 
     add_header 'Access-Control-Max-Age' 1728000; 
     add_header 'Content-Type' 'text/plain; charset=utf-8'; 
     add_header 'Content-Length' 0; 
     return 204; 
    }