fix(nginx): 更新代理配置以支持微前端框架
- 注释掉默认的 X-Frame-Options 头部设置 - 添加 proxy_hide_header 指令隐藏上游返回的 X-Frame-Options - 增加 CORS 相关头部配置支持跨源资源访问 - 配置 Access-Control-Allow-Origin 允许所有来源 - 添加跨域请求方法和头部字段白名单 - 设置 Cross-Origin-Resource-Policy 为跨源策略
parent
f7cb72342a
commit
42ef68857d
@ -36,7 +36,7 @@ server {
|
||||
ssl_protocols TLSv1.2 TLSv1.3; # 只启用 TLS 1.2 和 TLS 1.3
|
||||
# 通用安全头部
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-Frame-Options "SAMEORIGIN";
|
||||
# add_header X-Frame-Options "SAMEORIGIN";
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
# 用于 certbot 验证的配置
|
||||
location /.well-known/acme-challenge/ {
|
||||
@ -57,6 +57,15 @@ server {
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Host $host;
|
||||
|
||||
# 如果 X-Frame-Options 是上游返回的,隐藏它
|
||||
proxy_hide_header X-Frame-Options;
|
||||
|
||||
# Wujie 会 fetch HTML,必须允许跨源读取
|
||||
add_header Access-Control-Allow-Origin "*" always;
|
||||
add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS" always;
|
||||
add_header Access-Control-Allow-Headers "Content-Type, Accept, Authorization" always;
|
||||
add_header Cross-Origin-Resource-Policy "cross-origin" always;
|
||||
}
|
||||
|
||||
location /api/ {
|
||||
|
||||
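Review bot: The first hunk comments out the server-level `X-Frame-Options` and the second hides the upstream's copy, so every location in this server block, not only the proxied micro-frontend, loses framing protection with nothing put in its place. A `Content-Security-Policy` with `frame-ancestors` limited to the host application would keep the clickjacking defence while still allowing the embed. In the second hunk, `Access-Control-Allow-Origin "*"` lets script on any origin read this location's responses, and `Authorization` is in the allowed headers, so unless everything served here is meant to be public the origin should be pinned to the host application. nginx inherits `add_header` from the server level only when the location defines none of its own, so the four new directives also appear to drop `X-Content-Type-Options` and `X-XSS-Protection` for this location, and these need repeating there. The location block opens outside the hunk, so confirm it has no other `add_header` lines; the origin in the sketch below is a placeholder.

```nginx
# … unchanged: proxy_set_header lines, proxy_hide_header X-Frame-Options …
# placeholder origin: replace with the real host application origin
add_header Content-Security-Policy "frame-ancestors 'self' https://HOST-APP-ORIGIN.example" always;
add_header X-Content-Type-Options nosniff always;
add_header Access-Control-Allow-Origin "https://HOST-APP-ORIGIN.example" always;
add_header Vary "Origin" always;
# … unchanged: Access-Control-Allow-Methods, Access-Control-Allow-Headers, Cross-Origin-Resource-Policy …
```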