Access-Control-Allow-Origin wildcard subdomains in Google Cloud Load Balancing service
I'm using Google Cloud Load Balancing service, and want to enable CORS for all subdomains.
For example, I want to be able to run an XHR request from
https://sub.mywebsite.example to https://www.mywebsite.example
Typically, I will do the below, but it does not work:
Comments (1)
As mentioned by @derpirscher, you must either specify * as the Allow-Origin header or the exact protocol://host:port.
In your use case the response to the CORS request is missing the required Access-Control-Allow-Origin header, which is used to determine whether or not the resource can be accessed by content operating within the current origin.
You can also configure a site to allow any site to access it by using the * wildcard. You should only use this for public APIs. Private APIs should never use *, and should instead have a specific domain or domains set. In addition, the wildcard only works for requests made with the crossorigin attribute set to anonymous, and it prevents sending credentials like cookies in requests.
Access-Control-Allow-Origin: *
Ensure that the request has an Origin header and that the header value matches at least one of the Origins values in the CORS configuration. Note that the scheme, host, and port of the values must match exactly. Some examples of acceptable matches are as follows:
http://origin.example.com matches http://origin.example.com:80 (because 80 is the default HTTP port), but does not match https://origin.example.com, http://origin.example.com:8080, http://origin.example.com:5151, or http://sub.origin.example.com.
https://example.com:443 matches https://example.com but not http://example.com or http://example.com:443.
http://localhost:8080 only matches exactly http://localhost:8080, not http://localhost:5555 or http://localhost.example.com:8080.
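
The matching rules in the answer above (scheme, host and port compared exactly, default ports implied), together with one way to serve several subdomains by echoing back a validated Origin instead of sending `*`. This is an added example, not code from the original post or from Google Cloud; the function names, the allowlist and the subdomain rule are assumptions, and it assumes the backend behind the load balancer sets the header itself.

```javascript
// Added example. The allowlist and parent domain passed in are sample values.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Parse an Origin header value into scheme, host and explicit port.
// Returns null for anything that is not a bare http(s) origin (e.g. "null").
function parseOrigin(value) {
  let url;
  try {
    url = new URL(value);
  } catch {
    return null;
  }
  if (!(url.protocol in DEFAULT_PORTS)) return null;
  if (url.pathname !== "/" || url.search || url.hash || url.username || url.password) return null;
  // URL drops a default port, so put it back to compare ports explicitly.
  return { scheme: url.protocol, host: url.hostname, port: url.port || DEFAULT_PORTS[url.protocol] };
}

// Exact match on scheme, host and port, as in the answer's examples.
function sameOrigin(a, b) {
  const x = parseOrigin(a);
  const y = parseOrigin(b);
  return Boolean(x && y) && x.scheme === y.scheme && x.host === y.host && x.port === y.port;
}

// Value to send in Access-Control-Allow-Origin, or null to omit the header.
function allowOriginFor(requestOrigin, exactOrigins, parentDomain) {
  const o = parseOrigin(requestOrigin);
  if (!o) return null;
  if (exactOrigins.some((allowed) => sameOrigin(requestOrigin, allowed))) return requestOrigin;
  // Subdomain rule (assumption): https on the default port only. The leading
  // dot keeps look-alike hosts such as notmywebsite.example from matching.
  const isSubdomain = Boolean(parentDomain) && o.host.endsWith("." + parentDomain);
  return isSubdomain && o.scheme === "https:" && o.port === "443" ? requestOrigin : null;
}

// Response headers for one request. Vary: Origin keeps caches from reusing
// a response that was produced for a different origin.
function corsHeaders(requestOrigin, exactOrigins, parentDomain) {
  const allowed = allowOriginFor(requestOrigin, exactOrigins, parentDomain);
  return allowed ? { "Access-Control-Allow-Origin": allowed, Vary: "Origin" } : {};
}
```

Because the echoed value is a single concrete origin rather than `*`, the response varies per request, which is why `Vary: Origin` is set alongside it.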