如何在Apache和Nginx中启用CORS?

作者姚伟斌

如果您想暴露Origin头。

add_header Access-Control-Expose-Headers "Origin";

Access-Control-Max-Age

您知道来自Access-Control-Allow-HeadersAccess-Control-Allow-Methods头的数据可以被缓存吗?在Firefox中可以缓存高达24小时,在Chrome(76+)中可以缓存2小时。

要禁用缓存,您可以将值保留为-1

Apache

缓存15分钟。

Header always set Access-Control-Max-Age "900"

如您所见,值以秒为单位。

Nginx

缓存一小时。

add_header Access-Control-Max-Age "3600";

添加后,重新启动Nginx以查看结果。

Access-Control-Allow-Credentials

这里只有一个选项-true。This是允许暴露凭据,如cookies、TLS证书、授权等。

Apache

Header always set Access-Control-Allow-Credentials "true"

Nginx

add_header Access-Control-Allow-Credentials "true";

并查看结果。

验证结果

一旦添加了必要的头信息,您可以使用浏览器内置的开发者工具或一个online HTTP header checker来验证。

结论

我希望以上内容能帮助您在Apache HTTP和Nginx Web服务器中实现CORS头以提供更好的安全性。您可能还有兴趣应用OWASP recommended secure headers

姚伟斌

程序猿

我是姚伟斌,也被称为文景。我的专业领域涵盖了开放源代码的深度探索、网络编程和网络建站。我热衷于分享我的编程和建站实践经验,尤其擅长于Nginx和Proxy服务器的管理。此外,我还对Python和NodeJS这两种编程语言有着深刻的理解和独到的见解。

最近,我致力于爬虫技术的研究,探索如何通过高效的数据抓取为项目增添价值。我的目标是通过持续的学习和创新,为开放源代码社区贡献我的力量,并帮助那些对网络编程和网站建设感兴趣的人士。

类似文章

一份面向初学者的“一切皆代码”简介

一份面向初学者的“一切皆代码”简介

作者姚伟斌

of DevOps practices, the increasing adoption of cloud computing, and the rise of automation tools, the idea of treating infrastructure and configurations as code has gained popularity.

EaC promotes the use of version control systems, such as Git, to manage infrastructure and configuration files. This allows for easier collaboration, tracking of changes, and the ability to roll back to previous versions if needed.

By treating infrastructure as code, organizations can benefit from the same advantages that software development teams have enjoyed for years, such as code reuse, automated testing, and continuous integration and deployment.

Furthermore, using code to define infrastructure and configurations brings consistency and reproducibility. Instead of manually setting up and configuring servers, networks, and other resources, everything is defined in code, making it easier to create and maintain consistent environments.

EaC also enables infrastructure to be treated as a software artifact, which can be tested, reviewed, and improved over time. This can help identify and fix issues before they become critical problems.

Overall, the adoption of EaC can lead to more efficient and reliable infrastructure management, faster delivery of applications and services, and increased collaboration between development and operations teams.