方法一:
server {
.....
set $cors_origin "";
if ($http_origin ~* "a.xxxx.com") {
set $cors_origin $http_origin;
}
if ($http_origin ~* "b.xxxx.com") {
set $cors_origin $http_origin;
}
if ($http_origin ~* "c.xxxx.com") {
set $cors_origin $http_origin;
}
add_header 'Access-Control-Allow-Origin' $cors_origin;
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Headers' 'X-Requested-With';
.....
}
方法二:
map $http_origin $cors_origin{
default 0;
"~http://a.xxxx.com" http://a.xxxx.com;
"~http://b.xxxx.com" http://b.xxxx.com;
"~http://b.xxxx.com" http://b.xxxx.com;
}
server
{
.....
location / {
add_header 'Access-Control-Allow-Origin' $cors_origin;
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Headers' 'X-Requested-With';
}
.....
}
方法三:
server
{
.....
location / {
if ( $http_origin ~ (.*).xxxxx.com ) {
add_header Access-Control-Allow-Origin $http_origin;
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Headers' 'X-Requested-With';
}
.....
}
但上面的方法,在CDN场景下好像没作用。