處理這個最簡單的方法是讓nginx的處理OPTIONS
要求:
server {
listen 80;
server_name example.com;
root /var/www;
auth_basic "Resctricted";
auth_basic_user_file /var/www/.htpasswd;
location/{
if ($request_method = OPTIONS) {
add_header Access-Control-Allow-Origin "http://example.com";
add_header Access-Control-Allow-Methods "GET, OPTIONS";
add_header Access-Control-Allow-Headers "Authorization";
add_header Access-Control-Allow-Credentials "true";
add_header Content-Length 0;
add_header Content-Type text/plain;
return 200;
}
}
}
這將使OPTIONS
獲得,而不需要認證的響應:
[email protected] www $ curl -i -X OPTIONS http://example.com
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 17 Jun 2017 00:09:52 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: http://example.com
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Headers: Authorization
Access-Control-Allow-Credentials: true
Content-Length: 0
Content-Type: text/plain
[email protected] www $ curl -i http://example.com
HTTP/1.1 401 Unauthorized
Server: nginx
Date: Sat, 17 Jun 2017 00:09:59 GMT
Content-Type: text/html
Content-Length: 188
Connection: keep-alive
WWW-Authenticate: Basic realm="Resctricted"
<html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx</center>
</body>
</html>
感謝您的回答。我在你的幫助下提出了這個問題。這不對嗎?驗證碼必須在那裏,因爲這是唯一需要它的位置。我仍然得到401未經授權。 '位置〜/富/酒吧/ { 如果($ REQUEST_METHOD = OPTIONS){ ... 返回200; } auth_basic「Restricted」; auth_basic_user_file /var/www/.htpasswd; }' –