Cross-origin

 add_header Access-Control-Allow-Origin "*";
 add_header Access-Control-Allow-Methods "OPTIONS, POST, GET";
 add_header Access-Control-Allow-Headers "*";
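
A stricter variant of the block above, as an added example that is not from the original page: it echoes the request's Origin only when it matches an allowlist, instead of answering every origin with `*`. The origins, server name, allowed request headers and upstream address are placeholder assumptions.

```nginx
# Added example. All host names, origins and the upstream are placeholders.
# The map block belongs in the http{} context.
map $http_origin $cors_origin {
    default                       "";            # unknown origin: no CORS headers
    "https://app.example.com"     $http_origin;  # placeholder allowed origin
    "https://admin.example.com"   $http_origin;  # placeholder allowed origin
}

server {
    listen 80;
    server_name api.example.com;                 # placeholder

    location /api/ {
        # nginx does not emit a header whose value is empty, so a request
        # from an origin outside the map gets no Access-Control-Allow-Origin.
        # "always" also attaches the headers to error responses (4xx/5xx).
        add_header Access-Control-Allow-Origin  $cors_origin always;
        add_header Access-Control-Allow-Methods "OPTIONS, POST, GET" always;
        add_header Access-Control-Allow-Headers "Content-Type, Authorization" always;

        # The response now depends on the Origin request header,
        # so caches must key on it.
        add_header Vary "Origin" always;

        # Answer the CORS preflight here instead of passing it upstream.
        # The if block has no add_header of its own, so it inherits the
        # ones declared above.
        if ($request_method = OPTIONS) {
            return 204;
        }

        proxy_pass http://127.0.0.1:8080;        # placeholder upstream
    }
}
```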

Other

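 add_header X-Frame-Options "SAMEORIGIN"; # allow framing only by same-origin pages (clickjacking defense)
 add_header X-XSS-Protection "1; mode=block"; # turn on the browser's XSS filter in block mode
 add_header X-Content-Type-Options "nosniff"; # stop the browser from guessing the type instead of using the response's Content-Type header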
