HTML
- 7 ответов
- 0 вопросов
5
Вклад в тег
Access-Control-Allow-*
потребуются во всех типах запросов. Поэтому их нет необходимости сегментировать как на enable-cors.orgif ($request_method)
на уровне location, а не server, была связана с особенностям работы nginx.server {
#Authentification
satisfy any;
allow 123.456.789.001;
allow 123.456.789.002;
deny all;
auth_basic "Admin section";
auth_basic_user_file .htpasswd;
#CORS
add_header Access-Control-Allow-Origin "http://localhost"; # <- needs to be updated
add_header Access-Control-Allow-Methods "GET, OPTIONS"; #
add_header Access-Control-Allow-Headers "Authorization";
add_header Access-Control-Allow-Credentials "true";
location / {
if ($request_method = OPTIONS ) { # <- because if ($request_method) doesn't work on server level
add_header Content-Length 0;
add_header Content-Type text/plain;
return 200;
}
}
#Routing
location ~ ^/(images|javascripts|stylesheets|system)/ {
root /some/directory/for/rails/app/public;
expires max;
break;
}
location ... {
...
}
}
<a href="geo:55.717771, 37.735467">Find Us</a>
<a href="maps:894%20Granville%20Street%20Vancouver%20BC%20V6Z%201K3">Find Us</a>
The Same Origin Policy disallows reading the remote resource ...