假设我们有以下配置($branch在此代码片段之前设置,但我猜它不相关):
# If the request origin ends in .domain.com
set $allowed_origin "";
if ($http_origin ~* ^(.+\.)?domain\.com$) {
set $allowed_origin $http_origin;
}
add_header Access-Control-Allow-Origin "$allowed_origin" always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Accept, Authorization, Content-Type, Cookie, Some-Custom-Header, Another-Custom-Header, X-And-Another-One" always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
root /var/path/www/$branch/www;
index index.php index.html;
error_page 404 = /notfound.php;
location ~ ^/v\d+/ {
root /var/path/www/$branch/www;
try_files $uri_lower $uri_lower/ /some.php?$query_string;
}
location / {
root /var/path/www/$branch/www;
try_files $uri_lower $uri_lower/ =404;
}
location ~ \.php$ {
try_files $uri_lower $uri_lower/ $uri $uri/ =404;
include fastcgi-params;
}
对于以下请求,这可以正常工作(返回 200):
OPTIONS https://some.domain.com/v1/graphql HTTP/1.1
Host: some.domain.com
Origin: https://another.domain.com
但是,当我在第一个中添加一个空的if(没有add_header修改,只是一个空的if)时location:
location ~ ^/v\d+/ {
if ($http_origin ~* ^(.+\.)?domain\.com$) {
}
root /var/path/www/$branch/www;
try_files $uri_lower $uri_lower/ /some.php?$query_string;
}
它开始回应
HTTP/1.1 405 Not Allowed
有人知道为什么以及如何在这里添加 if 条件吗?可能,我想操作其中的标头,如果仅针对允许的来源设置特定的 CORS。