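I'm having trouble passing a POST request from the top-level domain to a database on a subdomain.
I have a Django backend that connects a PostgreSQL database to an Angular frontend, and I use gunicorn and nginx as my server setup.
I have a contact form on the website that should record contacts to the database. I've configured nginx as a reverse proxy and can get data from the database to display on the site, but I can't seem to figure out how to get the data from the contact form to post to the database. My nginx config: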
    location /contact {
        set $cors_p '';
        if ($http_origin ~ '^https?://<top-level domain>\.uk|www\.<top-level domain>\.uk') {
            set $cors_p 'true';
        }
        if ($cors_p = 'true') {
            add_header 'Access-Control-Allow-Origin' '$http_origin' always;
            add_header 'Access-Control-Allow-Credentials' 'true' always;
            add_header 'Access-Control_Methods' 'POST, OPTIONS' always;
            add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Tyoe,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With' always;
        }
        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Max-Age' 1728000;
            add_header 'Content-Type' 'text/plain charset=UTF-8';
            add_header 'Content-Length' 0;
            return 308;
        }
        include proxy_params;
        proxy_pass http://unix:/run/gunicorn.sock;
    }
    location / {
        set $cors '';
        if ($http_origin ~ '^https?://<top-level domain>\.uk|www\.<top-level domain>\.uk') {
            set $cors 'true';
        }
        if ($cors = 'true') {
            add_header 'Access-Control-Allow-Origin' "$http_origin" always;
            add_header 'Access-Control-Allow-Credentials' 'true' always;
            add_header 'Access-Control-Allow-Methods' 'GET, PUT, DELETE, OPTIONS' always;
            add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With' always;
            # required to be able to read Authorization header in frontend
            #add_header 'Access-Control-Expose-Headers' 'Authorization' always;
        }
        if ($request_method = 'OPTIONS') {
            # Tell client that this pre-flight info is valid for 20 days
            add_header 'Access-Control-Max-Age' 1728000;
            add_header 'Content-Type' 'text/plain charset=UTF-8';
            add_header 'Content-Length' 0;
            return 204;
        }
        include proxy_params;
        proxy_pass http://unix:/run/gunicorn.sock;
    }
But in Chrome's dev tools I get this output:
Access to XMLHttpRequest at 'https://api.<top-level domain>.uk/contact' from origin 'https://<top-level domain>.uk' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
As far as I can tell, the "Access-Control-Allow-Origin" header is being set in the "/contact" location directive.
The nginx access.log records the following:
"OPTIONS /contact HTTP/1.1" 308 180 "https://<top-level domain>.uk/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36"
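The top-level domain (with and without "www") both use https, and the subdomain ("api.") responds correctly to GET requests but not to POST requests.
Can anyone see where I'm going wrong?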
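The checks a browser applies to the `OPTIONS /contact` response can be modelled directly. The following is an added example, not part of the original post: a simplified JavaScript model of the Fetch standard's preflight check, run against constructed responses. The hostname `example.uk`, the JSON `content-type` request header and the credentialed request are assumptions.

```javascript
// Added example: simplified model of the browser's CORS preflight check.
// The hostname example.uk and the request details are assumptions.
const SAFELISTED_METHODS = ['GET', 'HEAD', 'POST'];
const split = (v) => (v || '').split(',').map((t) => t.trim()).filter(Boolean);

// Returns the reasons a preflight response is rejected (empty array = accepted).
function checkPreflight(req, res) {
  const h = {};
  for (const [k, v] of Object.entries(res.headers)) h[k.toLowerCase()] = v;
  const problems = [];
  // The preflight response must have an ok (2xx) status; a redirect does not count.
  if (res.status < 200 || res.status > 299) problems.push(`status ${res.status} is not 2xx`);
  const acao = h['access-control-allow-origin'];
  if (acao === undefined) problems.push('Access-Control-Allow-Origin missing');
  else if (acao !== req.origin && (req.credentials || acao !== '*'))
    problems.push('Access-Control-Allow-Origin does not match the origin');
  else if (req.credentials && h['access-control-allow-credentials'] !== 'true')
    problems.push('Access-Control-Allow-Credentials is not "true"');
  // "*" acts as a wildcard only for requests without credentials.
  const wild = (list) => !req.credentials && list.includes('*');
  const methods = split(h['access-control-allow-methods']);
  if (!SAFELISTED_METHODS.includes(req.method) && !methods.includes(req.method) && !wild(methods))
    problems.push(`method ${req.method} not allowed`);
  // Header names compare case-insensitively.
  const allowed = split(h['access-control-allow-headers']).map((n) => n.toLowerCase());
  for (const name of split(req.requestHeaders).map((n) => n.toLowerCase()))
    if (!allowed.includes(name) && !wild(allowed)) problems.push(`header ${name} not allowed`);
  return problems;
}

// Constructed request: a JSON POST sent with credentials (assumption).
const request = { origin: 'https://example.uk', method: 'POST', credentials: true,
                  requestHeaders: 'content-type' };
// Constructed: status from the access.log line, no CORS headers per Chrome's error.
const observed = { status: 308, headers: {} };
// Constructed: the /contact header names and values exactly as typed in the config.
const asTyped = { status: 308, headers: {
  'Access-Control-Allow-Origin': 'https://example.uk',
  'Access-Control-Allow-Credentials': 'true',
  'Access-Control_Methods': 'POST, OPTIONS',
  'Access-Control-Allow-Headers': 'Accept,Authorization,Cache-Control,Content-Tyoe,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With' } };
// Constructed: 2xx status, header names spelled as the Fetch standard defines them.
const corrected = { status: 204, headers: { ...asTyped.headers,
  'Access-Control-Allow-Methods': 'POST, OPTIONS',
  'Access-Control-Allow-Headers': asTyped.headers['Access-Control-Allow-Headers'].replace('Tyoe', 'Type') } };

for (const [label, res] of Object.entries({ observed, asTyped, corrected }))
  console.log(label, checkPreflight(request, res));
```

Because POST is a CORS-safelisted method, the misspelled `Access-Control_Methods` header is not what the model flags for this request; the 308 status and the `Content-Tyoe` entry are.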