Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
C
C
carroll2016-06-06 17:14:14
Nginx
carroll, 2016-06-06 17:14:14

Access-Control-Allow-Origin * (CSRF) header not being read?

I can't pull out Access-Control-Allow-Origin *
The server itself gives, but not a single browser sees this header.
Because of what I can not load fonts on the server.
site.conf

server {
    server_name realtime.mydomain.com;
    listen 80;
    add_header 'Access-Control-Allow-Origin' '*';
}

nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections   65536;
    use epoll;
    multi_accept on;
}
  
http {

    keepalive_timeout 65;
    keepalive_requests 100000;
    sendfile         on;
    tcp_nopush       on;
    tcp_nodelay      on;
    
    client_body_buffer_size    128k;
    client_max_body_size       10m;
    client_header_buffer_size    1k;
    large_client_header_buffers  4 4k;
    output_buffers   1 32k;
    postpone_output  1460;
    
    client_header_timeout  3m;
    client_body_timeout    3m;
    send_timeout           3m;
    
    open_file_cache max=1000 inactive=20s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 5;
    open_file_cache_errors off;

    include /etc/nginx/cloudflare;
  include /etc/nginx/mime.types;
  default_type application/octet-stream;

    gzip on;
    gzip_min_length  1000;
    gzip_buffers     4 4k;
    gzip_types       application/x-javascript text/css application/javascript text/javascript text/plain text/xml application/json application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/xml font/eot font/opentype font/otf image/svg+xml image/vnd.microsoft.icon;
    gzip_disable "MSIE [1-6]\.";

    error_log  /var/log/nginx.error_log  warn;
    
    log_format main      '$remote_addr - $remote_user [$time_local]  '
      '"$request" $status $bytes_sent '
      '"$http_referer" "$http_user_agent" '
  		'"$gzip_ratio"';

    log_format download  '$remote_addr - $remote_user [$time_local]  '
      '"$request" $status $bytes_sent '
      '"$http_referer" "$http_user_agent" '
  		'"$http_range" "$sent_http_content_range"';
    
    map $status $loggable {
        ~^[23]  0;
        default 1;
    }
    
  include /etc/nginx/conf.d/*.conf;
  include /etc/nginx/sites-enabled/*;

}

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
A
Andrey Shatokhin, 2016-06-06
@Sovigod

Browsers need permission to view. Add header
Access-Control-Allow-Credentials: true

Report
C
carroll, 2016-06-07
@carroll

Yes, that's nothing. It turned out that because of the domain. Was .xyz, did the same on .com and it worked.

Similar questions
U
Uniq2015-06-23 21:51:15
What modules are used? 2Reply
V
Vampre2018-09-28 13:35:01
Why files are not loaded from media on VPS? 0Reply
L
lleballex2020-08-21 17:04:26
Nginx - how to specify a specific file for a URI? 1Reply
T
Taras Labiak2020-08-21 17:24:38
Is it possible to perform a hidden browser redirect in nginx? 1Reply
G
gremlintv22018-10-01 09:43:13
Is there a way to give one-time links through nginx? 4Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question