diff --git a/nginx/openim-pc-proxy.conf b/nginx/openim-pc-proxy.conf index 2bf677d..bf45810 100644 --- a/nginx/openim-pc-proxy.conf +++ b/nginx/openim-pc-proxy.conf @@ -6,8 +6,9 @@ # # 安全组 / 防火墙须放行 TCP 80;后端 10001/10002/10008 仅需本机访问(127.0.0.1) # -# CORS:Vite 开发服在 :5173,API 经 :80 反代,浏览器视为跨域,需在此返回允许头并处理 OPTIONS 预检 -# chat-api / openim 等上游若自带 Access-Control-Allow-Origin(如 *),会与下方 add_header 合并成多个值导致浏览器报错,故用 proxy_hide_header 剥掉上游 CORS +# CORS:chat-api(:10008)与 openim(:10001/:10002)已在应用内通过 openimsdk/tools/mw.CorsHandler +# 返回 Access-Control-Allow-Origin: *。若在此再用 add_header 追加 $http_origin,浏览器会收到 +# 「*, http://IP:5173」两个值并报错。故本配置不在 Nginx 层添加 CORS,预检 OPTIONS 也交给上游处理。 # # default_server:纯 IP 访问 http://x.x.x.x/ 时命中本 server(不做 CMS 静态站,仅 API 网关) # CMS 开发请用 http://IP:8001(UMI dev) @@ -28,14 +29,6 @@ server { # OpenIM HTTP API → openim-server :10002 location /api/im/ { - if ($request_method = OPTIONS) { - add_header Access-Control-Allow-Origin $http_origin always; - add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS, PATCH" always; - add_header Access-Control-Allow-Headers "Authorization,Content-Type,token,operationID,X-Requested-With,DNT,User-Agent,If-Modified-Since,Cache-Control,Range" always; - add_header Access-Control-Max-Age 86400 always; - add_header Content-Length 0; - return 204; - } proxy_pass http://127.0.0.1:10002/; proxy_http_version 1.1; proxy_set_header Host $host; @@ -44,26 +37,10 @@ server { proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 300s; proxy_send_timeout 300s; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Credentials; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header Access-Control-Allow-Headers; - proxy_hide_header Access-Control-Expose-Headers; - add_header Access-Control-Allow-Origin $http_origin always; - add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS, PATCH" always; - add_header Access-Control-Allow-Headers "Authorization,Content-Type,token,operationID,X-Requested-With,DNT,User-Agent,If-Modified-Since,Cache-Control,Range" always; } # 用户 / 登录相关 → chat-api :10008(与 im-cms-nginx 一致) location /api/user/ { - if ($request_method = OPTIONS) { - add_header Access-Control-Allow-Origin $http_origin always; - add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS, PATCH" always; - add_header Access-Control-Allow-Headers "Authorization,Content-Type,token,operationID,X-Requested-With,DNT,User-Agent,If-Modified-Since,Cache-Control,Range" always; - add_header Access-Control-Max-Age 86400 always; - add_header Content-Length 0; - return 204; - } proxy_pass http://127.0.0.1:10008/; proxy_http_version 1.1; proxy_set_header Host $host; @@ -72,26 +49,10 @@ server { proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 300s; proxy_send_timeout 300s; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Credentials; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header Access-Control-Allow-Headers; - proxy_hide_header Access-Control-Expose-Headers; - add_header Access-Control-Allow-Origin $http_origin always; - add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS, PATCH" always; - add_header Access-Control-Allow-Headers "Authorization,Content-Type,token,operationID,X-Requested-With,DNT,User-Agent,If-Modified-Since,Cache-Control,Range" always; } # Chat API → chat-api :10008 location /api/chat/ { - if ($request_method = OPTIONS) { - add_header Access-Control-Allow-Origin $http_origin always; - add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS, PATCH" always; - add_header Access-Control-Allow-Headers "Authorization,Content-Type,token,operationID,X-Requested-With,DNT,User-Agent,If-Modified-Since,Cache-Control,Range" always; - add_header Access-Control-Max-Age 86400 always; - add_header Content-Length 0; - return 204; - } proxy_pass http://127.0.0.1:10008/; proxy_http_version 1.1; proxy_set_header Host $host; @@ -100,26 +61,10 @@ server { proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 300s; proxy_send_timeout 300s; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Credentials; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header Access-Control-Allow-Headers; - proxy_hide_header Access-Control-Expose-Headers; - add_header Access-Control-Allow-Origin $http_origin always; - add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS, PATCH" always; - add_header Access-Control-Allow-Headers "Authorization,Content-Type,token,operationID,X-Requested-With,DNT,User-Agent,If-Modified-Since,Cache-Control,Range" always; } # MsgGateway WebSocket → openim-server :10001 location /msg_gateway { - if ($request_method = OPTIONS) { - add_header Access-Control-Allow-Origin $http_origin always; - add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always; - add_header Access-Control-Allow-Headers "Authorization,Content-Type,token,operationID,Upgrade,Connection,Sec-WebSocket-Key,Sec-WebSocket-Version,Sec-WebSocket-Protocol,Sec-WebSocket-Extensions" always; - add_header Access-Control-Max-Age 86400 always; - add_header Content-Length 0; - return 204; - } proxy_pass http://127.0.0.1:10001; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; @@ -132,12 +77,6 @@ server { proxy_buffering off; proxy_read_timeout 86400s; proxy_send_timeout 86400s; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Credentials; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header Access-Control-Allow-Headers; - proxy_hide_header Access-Control-Expose-Headers; - add_header Access-Control-Allow-Origin $http_origin always; } # 可选:健康检查